Vulnerabilidades em FlowiseAI
62 resultadosCVE-2025-59528CRITICALFlowise has Remote Code Execution vulnerabilityEPSS 90.2%CVE-2025-58434CRITICALFlowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account TakeoverEPSS 50.1%CVE-2024-8181CRITICALFlowise Authentication BypassEPSS 46.1%CVE-2026-30824HIGHFlowise: Missing Authentication on NVIDIA NIM EndpointsEPSS 36.3%CVE-2026-30821HIGHFlowise: Arbitrary File Upload via MIME SpoofingEPSS 18.3%CVE-2024-8182HIGHFlowise Denial of ServiceEPSS 13.9%CVE-2026-41268HIGHFlowise: Flowise Parameter Override Bypass Remote Command ExecutionEPSS 13.8%CVE-2026-30822HIGHFlowise: Mass Assignment in `/api/v1/leads` EndpointEPSS 12.9%CVE-2025-50538HIGHFlowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.EPSS 12.9%CVE-2025-61913CRITICALFlowise is vulnerable to arbitrary file read, arbitrary file writeEPSS 11.9%CVE-2025-61687HIGHFlowiseAI/Flosise has File Upload vulnerabilityEPSS 10.2%CVE-2024-36421HIGHGHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.tsEPSS 8.5%CVE-2026-41276HIGHFlowise: AccountService resetPassword Authentication Bypass VulnerabilityEPSS 6.9%CVE-2025-34267HIGHFlowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright PackagesEPSS 6.0%CVE-2025-59527HIGHFlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerabilityEPSS 4.6%CVE-2025-59434CRITICALCritical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript FunctionEPSS 3.1%CVE-2026-31829HIGHFlowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network AccessEPSS 2.3%CVE-2026-40933CRITICALFlowise: Authenticated RCE Via MCP AdaptersEPSS 2.0%CVE-2024-36420HIGHGHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-fileEPSS 1.8%CVE-2026-41137CRITICALFlowise: Code Injection in CSVAgent leads to Authenticated RCEEPSS 1.5%