Flowiseai

Flowise

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.2%
  • Published 17.10.2025 00:00:00
  • Last modified 23.10.2025 12:33:49

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.

Exploit
  • EPSS 0.69%
  • Published 14.10.2025 19:31:50
  • Last modified 27.10.2025 19:12:43

Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nod...

Exploit
  • EPSS 0.9%
  • Published 08.10.2025 22:43:24
  • Last modified 20.10.2025 15:23:05

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerab...

Exploit
  • EPSS 0.13%
  • Published 06.10.2025 15:54:56
  • Last modified 16.10.2025 18:12:37

Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers ...

Exploit
  • EPSS 0.07%
  • Published 06.10.2025 00:00:00
  • Last modified 07.10.2025 17:03:12

Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.

Exploit
  • EPSS 0.04%
  • Published 06.10.2025 00:00:00
  • Last modified 07.10.2025 17:03:25

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

Exploit
  • EPSS 83%
  • Published 22.09.2025 20:15:39
  • Last modified 23.09.2025 16:45:09

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external M...

Exploit
  • EPSS 0.13%
  • Published 22.09.2025 20:15:39
  • Last modified 23.09.2025 16:47:43

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerab...

  • EPSS 0.05%
  • Published 22.09.2025 20:15:39
  • Last modified 22.09.2025 21:22:16

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment varia...

Media report Exploit
  • EPSS 7.57%
  • Published 12.09.2025 17:37:08
  • Last modified 20.09.2025 02:54:59

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authen...