Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Flowise: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Flowise: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover
Flowise: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
Flowise: Assistant create+update mass-assignment allows cross-workspace assistant takeover
Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment
Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
IRIS has a Mass Assignment issue
electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
Broken Access Control in extension "Frontend User Registration" (sf_register)
Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update
Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive
Showing 1 - 20 of 1,000+ results