Flowiseai

Flowise

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-8182

  • EPSS 1.11%
  • Veröffentlicht 27.08.2024 13:15:07
  • Zuletzt bearbeitet 30.08.2024 13:53:52

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api end...

8.1

CVE-2024-8181

  • EPSS 60.84%
  • Veröffentlicht 27.08.2024 13:15:06
  • Zuletzt bearbeitet 06.09.2024 15:35:07

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

6.1

CVE-2024-37146

Exploit
  • EPSS 0.32%
  • Veröffentlicht 01.07.2024 19:15:04
  • Zuletzt bearbeitet 21.11.2024 09:23:17

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used...

6.1

CVE-2024-37145

Exploit
  • EPSS 0.41%
  • Veröffentlicht 01.07.2024 19:15:03
  • Zuletzt bearbeitet 21.11.2024 09:23:17

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration...

6.1

CVE-2024-36423

Exploit
  • EPSS 0.32%
  • Veröffentlicht 01.07.2024 19:15:03
  • Zuletzt bearbeitet 21.11.2024 09:22:09

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is...

6.1

CVE-2024-36422

Exploit
  • EPSS 0.24%
  • Veröffentlicht 01.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:22:08

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (u...

7.5

CVE-2024-36421

Exploit
  • EPSS 1.63%
  • Veröffentlicht 01.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:22:08

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In...

7.5

CVE-2024-36420

Exploit
  • EPSS 0.34%
  • Veröffentlicht 01.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:22:08

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the ...

7.6

CVE-2024-31621

Exploit
  • EPSS 82.51%
  • Veröffentlicht 29.04.2024 17:15:19
  • Zuletzt bearbeitet 27.05.2025 13:44:38

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.