Tag
critical
advisory
FlowiseAI File Upload Validation Bypass Leads to RCE
2 rules 2 TTPs 1 CVEA file upload validation bypass vulnerability exists in FlowiseAI, where the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type, enabling an attacker to upload .js files, store malicious Node.js web shells on the server, and potentially achieve Remote Code Execution (RCE).
flowiseai
file-upload
rce
web-shell
2r
2t
1c
critical
advisory
FlowiseAI AirtableAgent Remote Code Execution via Prompt Injection
2 rules 1 TTPA remote code execution vulnerability exists in FlowiseAI's AirtableAgent.ts due to insufficient input verification when using Pandas, allowing attackers to inject malicious code into the prompt and execute arbitrary code via Pyodide.
flowiseai
rce
prompt-injection
airtable
2r
1t