7 matches found

Snyk
added 2026/04/16 9:21 p.m. | 1 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting...

CVSS 5.6 | AI score 5.8
Exploits: 0 | References: 2

Snyk
added 2026/04/16 9:21 p.m. | 1 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators...

CVSS 5.6 | AI score 5.8
Exploits: 0 | References: 2

Snyk
added 2026/04/16 9:21 p.m. | 3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-ui is a Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting valid JWTs usin...

CVSS 5.6 | AI score 5.8
Exploits: 0 | References: 2

Cvelist
added 2025/07/22 9:34 p.m. | 7 views

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

CVSS 7.3 | EPSS 0.0049
Exploits: 0 | References: 3

RedhatCVE
added 2025/07/11 12:25 a.m. | 2 views

CVE-2025-4855

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...

CVSS 9.8 | AI score 7.8 | EPSS 0.08611
Exploits: 0 | References: 1

CVE
added 2025/07/08 11:22 p.m. | 28 views

CVE-2025-4855

CVE-2025-4855 concerns the WordPress plugin Support Board. Multiple sources confirm a vulnerability in all versions up to 3.8.0 where hardcoded default secrets in sb_encryption() enable unauthenticated bypass of authorization and the execution of arbitrary AJAX actions via sb_ajax_execute(). This...

CVSS 9.8 | AI score 7.1 | EPSS 0.00766
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/01/25 8:55 p.m. | 22 views

CVE-2021-43799 RabbitMQ exposes ports with weak default secrets in Zulip Server

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...

CVSS 8.6 | AI score 9.8 | EPSS 0.05271
Exploits: 1 | References: 4