Lucene search
K

11 matches found

CVE
CVE
added 2 days ago23 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score0.00396EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43228

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS6.1AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS0.00396EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56271 Flowise - Weak Default JWT Secrets in Authentication Middleware

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.3CVSS6.1AI score0.00396EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/16 9:21 p.m.9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-ui is a Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting valid JWTs usin...

5.6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:21 p.m.14 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting...

5.6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 9:21 p.m.3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators...

5.6CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2025/07/22 9:34 p.m.47 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS0.00316EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/11 12:25 a.m.7 views

CVE-2025-4855

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sbencryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...

9.8CVSS7.8AI score0.00832EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 11:22 p.m.48 views

CVE-2025-4855

CVE-2025-4855 concerns the WordPress plugin Support Board. Multiple sources confirm a vulnerability in all versions up to 3.8.0 where hardcoded default secrets in sb_encryption() enable unauthenticated bypass of authorization and the execution of arbitrary AJAX actions via sb_ajax_execute(). This...

9.8CVSS7.1AI score0.00338EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/25 8:55 p.m.30 views

CVE-2021-43799 RabbitMQ exposes ports with weak default secrets in Zulip Server

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...

8.6CVSS9.8AI score0.05386EPSS
Exploits1References4
Rows per page
Query Builder