86 matches found
CVE-2025-15603
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
EUVD-2025-208453
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603
...
CVE-2025-15603
...
CVE-2025-15603
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor explains: "The 't0p-s3cr3t' default was dead code on every supported startup path: start.sh, startwindows.ba...
PT-2026-24109
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI SECRET KEY leads to insufficiently random values. It is possible to launch the...
CVE-2026-0580
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
CVE-2026-0580
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
CVE-2026-0580
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
EUVD-2026-0904
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
CVE-2026-0580 SourceCodester API Key Manager App Import Key cross site scripting
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
CVE-2026-0580
CVE-2026-0580 affects the SourceCodester API Key Manager App 1.0. The vulnerability is in the Import Key Handler component, where manipulating an unknown functionality leads to Cross-Site Scripting (XSS). The issue is exploitable remotely; attack vectors are not fully detailed in the provided doc...
CVE-2026-0580 SourceCodester API Key Manager App Import Key cross site scripting
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
SourceCodester API Key Manager App 代码注入漏洞
SourceCodester API Key Manager App is a SourceCodester open source api key manager application. A code injection vulnerability exists in SourceCodester API Key Manager App version 1.0, which stems from an incorrect operation of the component Import Key Handler and could lead to a cross-site...
PT-2026-1224
Name of the Vulnerable Software and Affected Versions SourceCodester API Key Manager App version 1.0 Description A flaw exists within the Import Key Handler component that allows for cross site scripting. This issue can be triggered remotely through manipulation of an unknown functionality...
EUVD-2025-205475
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...
EUVD-2024-16953
Malicious code in bioql PyPI...
EUVD-2024-16954
Malicious code in bioql PyPI...
EUVD-2025-25385
Malicious code in bioql PyPI...
EUVD-2022-52065
Malicious code in bioql PyPI...