2982 matches found
CVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
GHSA-58PV-8J8X-9VJ2 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-kubernetes, py3-cassandra-medusa, py3-setuptools, tensorflow-cpu-jupyter, semgrep, superset, mlflow, open-webui, pypy-3.10, datadog-agent, kubeflow-katib, kserve, airflow, emissary, pypy-3.11...
GHSA-58PV-8J8X-9VJ2 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, tritonserver-backend-vllm-cuda-12.9, kubeflow-katib, tensorflow-cpu-jupyter, py3-cassandra-medusa, azure-functions-python-worker, duplicity, nemo, tensorflow-gpu-jupyter, airflow, dbt-bigquery, superset, apache-beam-python-3.11-sdk,...
CVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
CVE-2026-0622
Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...
CVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key
Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token JWT signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result i...
Malicious Package
Overview @bingads-webui-theme-2018/theme-fluent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
MAL-2026-347 Malicious code in @bingads-webui-theme-2018/theme-fluent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb7d2fe9b87a76a487939456a941121a5bcee7d7aa0ffa37f198f8216d1e64aa The package @bingads-webui-theme-2018/theme-fluent was found to contain malicious code. Source: ghsa-malware...
CVE-2026-22690 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-22691 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-4XC4-762W-M6CG vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-4F6G-68PF-7VHV vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-21860 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, superset...
GHSA-87HC-H4R5-73F7 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, superset...
GHSA-87HC-H4R5-73F7 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, azure-functions-python-worker, superset...
GHSA-4F6G-68PF-7VHV vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-4XC4-762W-M6CG vulnerabilities
Vulnerabilities for packages: open-webui...