Vulnerabilities in FlowiseAI

62 results
CVE-2026-46442 | CRITICAL | Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape | EPSS 0.8%
CVE-2026-41138 | HIGH | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. | EPSS 0.6%
CVE-2024-9148 | CRITICAL | Flowise Stored Cross-Site Scripting | EPSS 0.6%
CVE-2026-41264 | CRITICAL | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability | EPSS 0.5%
CVE-2026-41274 | CRITICAL | Flowise: Cypher Injection in GraphCypherQAChain | EPSS 0.5%
CVE-2026-30820 | HIGH | Flowise Authorization Bypass via Spoofed x-request-from Header | EPSS 0.5%
CVE-2026-41269 | HIGH | Flowise: File Upload Validation Bypass in createAttachment | EPSS 0.5%
CVE-2026-41265 | CRITICAL | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability | EPSS 0.5%
CVE-2024-37145 | MEDIUM | GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/id | EPSS 0.5%
CVE-2026-30823 | HIGH | Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration | EPSS 0.4%
CVE-2026-41278 | HIGH | Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs | EPSS 0.4%
CVE-2024-36422 | MEDIUM | GHSL-2023-245: Flowise xss in api/v1/chatflows/id | EPSS 0.4%
CVE-2024-37146 | MEDIUM | GHSL-2023-248: Flowise xss in /api/v1/credentials/id | EPSS 0.4%
CVE-2024-36423 | MEDIUM | GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id | EPSS 0.4%
CVE-2026-8028 | MEDIUM | FlowiseAI Flowise Endpoint account.service.ts verify information disclosure | EPSS 0.4%
CVE-2026-43995 | MEDIUM | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) | EPSS 0.4%
CVE-2025-29192 | HIGH | Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. | EPSS 0.4%
CVE-2026-41266 | HIGH | Flowise: Sensitive Data Leak in public-chatbotConfig | EPSS 0.3%
CVE-2026-46478 | HIGH | Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover | EPSS 0.3%
CVE-2026-12821 | MEDIUM | FlowiseAI Flowise S3 Document Loader S3.ts path traversal | EPSS 0.3%