Flowiseai

Flowise

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-8943

Exploit
  • EPSS 81.57%
  • Veröffentlicht 14.08.2025 09:54:22
  • Zuletzt bearbeitet 23.09.2025 15:23:05

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). ...

7.6

CVE-2025-29189

Exploit
  • EPSS 0.56%
  • Veröffentlicht 09.04.2025 00:00:00
  • Zuletzt bearbeitet 22.04.2025 17:11:10

Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.

9.8

CVE-2025-26319

Exploit
  • EPSS 77.05%
  • Veröffentlicht 04.03.2025 22:15:40
  • Zuletzt bearbeitet 24.06.2025 00:50:39

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

6.1

CVE-2024-9148

Exploit
  • EPSS 1.93%
  • Veröffentlicht 25.09.2024 01:15:49
  • Zuletzt bearbeitet 30.09.2024 17:34:12

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.

7.5

CVE-2024-8182

  • EPSS 1.45%
  • Veröffentlicht 27.08.2024 13:15:07
  • Zuletzt bearbeitet 30.08.2024 13:53:52

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api end...

8.1

CVE-2024-8181

  • EPSS 60.84%
  • Veröffentlicht 27.08.2024 13:15:06
  • Zuletzt bearbeitet 06.09.2024 15:35:07

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

6.1

CVE-2024-37146

Exploit
  • EPSS 0.32%
  • Veröffentlicht 01.07.2024 19:15:04
  • Zuletzt bearbeitet 21.11.2024 09:23:17

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used...

6.1

CVE-2024-37145

Exploit
  • EPSS 0.41%
  • Veröffentlicht 01.07.2024 19:15:03
  • Zuletzt bearbeitet 21.11.2024 09:23:17

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration...

6.1

CVE-2024-36423

Exploit
  • EPSS 0.32%
  • Veröffentlicht 01.07.2024 19:15:03
  • Zuletzt bearbeitet 21.11.2024 09:22:09

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is...

6.1

CVE-2024-36422

Exploit
  • EPSS 0.24%
  • Veröffentlicht 01.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:22:08

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (u...