GHSA-CC4F-HJPJ-G9P8 Flowise: Weak Default JWT Secrets

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Critical | | Location | packages/server/src/enterprise/middleware/passport/index.ts:29-34 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description JWT secrets have weak...

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-ui is a Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting valid JWTs usin...

CVE-2026-40899 DataEase has an Arbitrary File Read Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

EUVD-2026-23233

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

GHSA-PHV5-VQ5P-QHP7 Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to JWT Tokens being embedded inside workload object in task logs. An attacker can gain unauthorized access to sensitive information by viewing log files containing JWT tokens. This...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Connect2id Nimbus JOSE + JWT library

Summary Due to use of the Connect2id Nimbus JOSE + JWT library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x...

CVE-2026-31987

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

CVE-2026-31987 Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

CVE-2026-31987 Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

CVE-2026-31987

Apache Airflow CVE-2026-31987 involves JWT tokens used by tasks being logged, exposing credentials in logs and potentially allowing UI users to act as Dag Authors. Affected software: Airflow (pre-3.2.0). Vulnerable component: JWT handling/logging of tokens in tasks. Root cause: not explicitly sta...

CVE-2026-31987

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. CVE-2026-3608 bsc1260380 A null dereference is n...

CVE-2025-66236

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

SUSE SLES15 Security Update : mariadb (SUSE-SU-2026:1367-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1367-1 advisory. Update to version 11.8.6. - https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6 -...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, wher...

PT-2026-33314

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description JWT Tokens used by tasks were exposed in logs. This exposure could allow UI users to act as Dag Authors. Recommendations Upgrade to version 3.2.0...

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

GHSA-XP4F-G2CM-RHG7 PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket

Impact Attackers can fill the body of the clientData JWT in LoginPacket with lots of junk properties, causing the server to flood warning messages, as well as wasting CPU time. This happens because the JsonMapper instance used to process the JWT body is configured to warn on unexpected properties...