flowiseai
AI / MLoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting flowiseai.
- CVE-2025-71328Flowise - Unverified Password Change via Account Settings8.3
- CVE-2025-71327Flowise - Authentication Bypass via Unprotected Registration Endpoint9.1
- CVE-2025-71324Flowise - Arbitrary File Read via chatId Parameter7.5
- CVE-2026-56272Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing4.1
- CVE-2026-56269Flowise - Weak Default Token Hash Secret in JWT Token Encryption4.6
- CVE-2026-56270Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint7.5
- CVE-2025-71332Flowise - SQL Injection in importChatflows API via chatflow.id Parameter6.5
- CVE-2026-56275Flowise - Server-Side Request Forgery via Execute Flow Base URL7.1
- CVE-2026-56274Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess9.9
- CVE-2025-71337Flowise - Unverified Email Change via Account Profile Endpoint8.3
- CVE-2026-56268Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint7.7
- CVE-2026-12821FlowiseAI Flowise S3 Document Loader S3.ts path traversal6.3
- CVE-2025-71331Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows6.1
- CVE-2026-46480Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover8.8
- CVE-2026-46479Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover8.8