{"vulnerability": "cve-2025-7133", "sightings": [{"uuid": "55d268f6-979a-4517-a804-382ef949b1d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71339", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow4dghexk2m", "content": "CVE-2025-71339 - Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget\nCVE ID : CVE-2025-71339\n \n Published : June 22, 2026, 9:04 p.m. | 2\u00a0hours, 5\u00a0minutes ago\n \n Description : Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran...", "creation_timestamp": "2026-06-23T00:09:32.881187Z"}, {"uuid": "e65eddd4-553b-4a12-a543-e8941bea35c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-71339", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-6556-fwc2-fg2p", "content": "", "creation_timestamp": "2025-12-30T15:20:14.000000Z"}, {"uuid": "57814d99-a0ca-43eb-a197-441933b0d683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71337", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moxks42chc2l", "content": "CVE-2025-71337 - Flowise - Unverified Email Change via Account Profile Endpoint\nCVE ID : CVE-2025-71337\n \n Published : 23 juin 2026 12:12 | 1\u00a0heure, 30\u00a0minutes ago\n \n Description : Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change ...", "creation_timestamp": "2026-06-23T14:00:57.291261Z"}, {"uuid": "13ee5c87-be6a-4e5c-901a-94772fc912f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71332", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mozzaue52o2s", "content": "CVE-2025-71332 - Flowise - SQL Injection in importChatflows API via chatflow.id Parameter\nCVE ID : CVE-2025-71332\n \n Published : June 24, 2026, 11:53 a.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatfl...", "creation_timestamp": "2026-06-24T13:25:13.673298Z"}, {"uuid": "27b1ecf4-b7b4-47e3-8e8b-1e1f74ce5936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71332", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3mp4dthrnkv2p", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2025-71332\n\nFlowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, a...", "creation_timestamp": "2026-06-25T11:39:45.856577Z"}, {"uuid": "6b9b46f2-4de3-458c-9292-8e8501fdb599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71338", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5snqz3t32a", "content": "CVE-2025-71338 - Flowise - Arbitrary File Write to Remote Code Execution via document-store API\nCVE ID : CVE-2025-71338\n \n Published : June 25, 2026, 9:41 p.m. | 3\u00a0hours, 30\u00a0minutes ago\n \n Description : Flowise contains a path traversal vulnerability in the /api/v1/document-st...", "creation_timestamp": "2026-06-26T01:37:39.900078Z"}, {"uuid": "51eb14ec-792e-4acd-8a3e-af171ea46708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71336", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5st4zv2y2p", "content": "CVE-2025-71336 - Flowise - Unsandboxed Remote Code Execution via Custom MCP\nCVE ID : CVE-2025-71336\n \n Published : June 25, 2026, 9:41 p.m. | 3\u00a0hours, 30\u00a0minutes ago\n \n Description : Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed rem...", "creation_timestamp": "2026-06-26T01:40:40.417161Z"}, {"uuid": "4be1837d-f422-48ef-9cf3-ea937ebbb8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71333", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5sz445uz2z", "content": "CVE-2025-71333 - Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint\nCVE ID : CVE-2025-71333\n \n Published : June 25, 2026, 9:41 p.m. | 3\u00a0hours, 30\u00a0minutes ago\n \n Description : Flowise through 2.2.4 contains an unauthenticated arbitrary file upload ...", "creation_timestamp": "2026-06-26T01:44:00.789174Z"}, {"uuid": "6371cb65-737c-4073-bb4c-f183280ad079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71335", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5ucg46sb27", "content": "CVE-2025-71335 - Flowise - Session Invalidation Failure After Password Change\nCVE ID : CVE-2025-71335\n \n Published : June 25, 2026, 9:41 p.m. | 3\u00a0hours, 30\u00a0minutes ago\n \n Description : Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing ses...", "creation_timestamp": "2026-06-26T02:07:07.071985Z"}, {"uuid": "34ce506b-74da-481e-98cb-74954674d0b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71334", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5ulem5oj2x", "content": "CVE-2025-71334 - Flowise - Arbitrary File Access via Missing Chat Flow ID Validation\nCVE ID : CVE-2025-71334\n \n Published : June 25, 2026, 9:41 p.m. | 3\u00a0hours, 30\u00a0minutes ago\n \n Description : Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file...", "creation_timestamp": "2026-06-26T02:12:07.686046Z"}, {"uuid": "275c321b-213f-4889-b41c-74afd7950d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71335", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmo64lnd62q", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-71335 \u0432 Flowise: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D1783A2E-BE5A-4512-8539-52BC20BD6CD2", "creation_timestamp": "2026-07-01T23:27:16.662003Z"}, {"uuid": "0f05db2d-206b-476f-8458-cf1f85027184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71336", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmo77pnlq2i", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-71336 \u0432 Flowise: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/DE2C0C1F-8CBA-4506-8F03-5909A1EA3403", "creation_timestamp": "2026-07-01T23:27:53.322743Z"}, {"uuid": "db1aec51-aaee-456d-a7fc-00d2d8823342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71338", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmoiwv4gv22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-71338 \u0432 Flowise: \u043f\u0443\u0442\u044c \u043a \u0442\u0440\u0430\u0432\u0435\u0440\u0441\u0430\u043b\u0443 \u0438 \u0437\u0430\u0449\u0438\u0442\u0430 \u0434\u0430\u043d\u043d\u044b\u0445\n\n\n\nhttps://kripta.biz/posts/EE8DF722-2E58-40EE-872D-C4B19D08ECF2", "creation_timestamp": "2026-07-01T23:33:19.803893Z"}, {"uuid": "674a557a-f061-47b2-b3a1-811ab2a11438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71333", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmolxzozw2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-71333 \u0432 Flowise: \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0443\u0433\u0440\u043e\u0437\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\n\nhttps://kripta.biz/posts/70BF9BB3-14CE-4E9C-8318-79B688FD2A61", "creation_timestamp": "2026-07-01T23:35:01.457652Z"}, {"uuid": "6ed33f53-6215-49b8-af29-3da724e37e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71334", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmopslqvg2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-71334 \u0432 Flowise: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/3261E185-26D3-4B30-9CDB-F906B349320C", "creation_timestamp": "2026-07-01T23:37:09.866155Z"}, {"uuid": "778d3254-4e3d-4281-a49d-f6987d515c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71338", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpn44u4jri2o", "content": "\ud83d\udccc CVE-2025-71338 - Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write a... https://www.cyberhub.blog/cves/CVE-2025-71338", "creation_timestamp": "2026-07-02T03:37:45.227566Z"}, {"uuid": "c0a7c3f7-4f69-49d5-bf7e-d5b52ca54e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71333", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpnb5sdxo22f", "content": "\ud83d\udccc CVE-2025-71333 - Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to l... https://www.cyberhub.blog/cves/CVE-2025-71333", "creation_timestamp": "2026-07-02T05:07:06.832853Z"}, {"uuid": "36156560-6b0c-4384-aed8-6b52489dc0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71334", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpnctgoik62a", "content": "\ud83d\udccc CVE-2025-71334 - Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflow... https://www.cyberhub.blog/cves/CVE-2025-71334", "creation_timestamp": "2026-07-02T05:37:06.605768Z"}, {"uuid": "10cf3fda-146f-493d-8caf-d2a17b9d09c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71336", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpnej4hsra22", "content": "\ud83d\udccc CVE-2025-71336 - Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP featu... https://www.cyberhub.blog/cves/CVE-2025-71336", "creation_timestamp": "2026-07-02T06:07:08.217716Z"}]}