Vulnerabilities in FlowiseAI

62 results
CVE-2026-46479 | HIGH | Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover | EPSS 0.3%
CVE-2026-46480 | HIGH | Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover | EPSS 0.3%
CVE-2026-46477 | HIGH | Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover | EPSS 0.3%
CVE-2026-46476 | HIGH | Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover | EPSS 0.3%
CVE-2026-46475 | HIGH | Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover | EPSS 0.3%
CVE-2026-41267 | HIGH | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | EPSS 0.3%
CVE-2026-41277 | HIGH | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | EPSS 0.3%
CVE-2026-46444 | HIGH | Flowise: Vector Store No Permission Checks | EPSS 0.3%
CVE-2026-41273 | HIGH | Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow | EPSS 0.3%
CVE-2026-8027 | MEDIUM | FlowiseAI Flowise User Controller authorization | EPSS 0.3%
CVE-2026-46441 | HIGH | Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2026-46443 | HIGH | Flowise: Credential Data Leak | EPSS 0.3%
CVE-2026-42863 | HIGH | Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment | EPSS 0.3%
CVE-2026-41279 | HIGH | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | EPSS 0.3%
CVE-2026-8026 | MEDIUM | FlowiseAI Flowise API Response account.service.ts login information disclosure | EPSS 0.3%
CVE-2026-42861 | HIGH | Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2026-46440 | HIGH | Flowise: Basic Auth Credentials Exposed via API | EPSS 0.3%
CVE-2026-41270 | HIGH | Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox | EPSS 0.2%
CVE-2026-41271 | HIGH | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains | EPSS 0.2%
CVE-2026-41272 | HIGH | Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) | EPSS 0.2%