Security Vulnerabilities
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
CVSS Score
7.7
EPSS Score
0.003
Published
2026-06-08
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.
CVSS Score
7.7
EPSS Score
0.003
Published
2026-06-08
Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
CVSS Score
6.5
EPSS Score
0.005
Published
2026-06-08
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
This issue affects Apache HTTP Server: from through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVSS Score
5.5
EPSS Score
0.002
Published
2026-06-08
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.005
Published
2026-06-08
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server.
This issue affects undefined: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.006
Published
2026-06-08
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.005
Published
2026-06-08
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.
Users are recommended to upgrade to version 2.4.68, which fixes this issue.
CVSS Score
9.1
EPSS Score
0.006
Published
2026-06-08
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.005
Published
2026-06-08
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces. This behavior may break tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
CVSS Score
7.6
EPSS Score
0.002
Published
2026-06-08