|
331
|
8.2 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacke…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41273
|
2026-04-25 01:35 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations …
New
|
CWE-287
Improper Authentication
|
CVE-2026-41276
|
2026-04-25 01:32 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitiz…
New
|
CWE-200
Information Exposure
|
CVE-2026-41278
|
2026-04-25 01:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
7.5 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41279
|
2026-04-25 01:31 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
9.8 |
CRITICAL
Network
|
-
|
-
|
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metachara…
New
|
-
|
CVE-2026-6942
|
2026-04-25 01:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
- |
|
-
|
-
|
Rejected reason: This CVE is a duplicate of another CVE.
New
|
-
|
CVE-2026-40609
|
2026-04-25 01:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-6750
|
2026-04-25 00:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
7.1 |
HIGH
Local
|
-
|
-
|
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target pa…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35341
|
2026-04-25 00:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing…
New
|
CWE-284
Improper Access Control
|
CVE-2026-29197
|
2026-04-25 00:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an a…
New
|
CWE-94
Code Injection
|
CVE-2026-41137
|
2026-04-25 00:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
