Search
Search Results (24 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36420 | 1 Flowiseai | 1 Flowise | 2024-11-21 | 7.5 High |
| Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName` body parameter. No known patches for this issue are available. | ||||
| CVE-2024-9148 | 1 Flowiseai | 2 Embed, Flowise | 2024-09-30 | 9.6 Critical |
| Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | ||||
| CVE-2024-8181 | 1 Flowiseai | 1 Flowise | 2024-09-06 | 9.8 Critical |
| An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. | ||||
| CVE-2024-8182 | 1 Flowiseai | 1 Flowise | 2024-08-30 | 7.5 High |
| An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint. | ||||