Lucene search
K

47 matches found

CVE
CVE
added 2026/06/24 11:53 a.m.9 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5 (32 iterations), yielding a higher risk of password hash cracking. The vulnerability allows attackers to crack hashes faster on modern GPUs, potentially compromising all user accounts in a database breach. Affected component is the b...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.34 views

CVE-2026-56272 Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS0.00073EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 5:13 p.m.11 views

CVE-2026-49440

Summary: CVE-2026-49440 affects Deno’s crypto.primality tests when using default options (checks=0) for checkPrime/checkPrimeSync, causing some composites to be reported as prime due to zero Miller-Rabin rounds. This occurs in the node:crypto path and related op_node_check_prime implementations; ...

7.4CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50149

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description The node:crypto.checkPrime and crypto.checkPrimeSync functions failed to perform Miller-Rabin rounds when the options.checks variable was left at its default value of 0. In this state, the software only...

7.4CVSS5.8AI score0.00149EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.9 views

When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions

Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework created by VMware Corporation in the Spring ecosystem, which integrates artificial intelligence and large language model capabilities. VMware Spring AI has a security vulnerability. This vulnerability allows malicious users to manipulate the behavior of...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.12 views

Iterative Audit Convergence in LLM-Managed Multi-Agent Systems: A Case Study in Prompt Engineering Quality Assurance

Prompt specifications for multi-agent large language model LLM systems carry data contracts and integration logic across many interdependent files but are rarely subjected to structured-inspection rigor. This paper reports a single-system empirical case study of iterative, agent-driven auditing...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30585

The setup: 4 agents chain off each other in a loop, each reacting to the previous response. Dominus — finds a new vulnerability angle from the CISA KEV catalog Axiom — adds one new technical detail to the finding Cipher — identifies one specific flaw in the previous argument Vector — names one...

5.9AI score
Exploits0References3
Veracode
Veracode
added 2026/03/21 5:28 a.m.7 views

Integer Overflow

bcrypt-ruby is vulnerable to Integer Overflow. The vulnerability is due to an integer overflow in the Java BCrypt implementation for JRuby, where the key-strengthening round count is computed as a signed 32-bit integer, and when cost=31, signed integer overflow causes the round count to become...

7.5CVSS5.9AI score0.00228EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/03/05 9:54 p.m.21 views

GHSA-X2G5-FVC2-GQVP Flowise has Insufficient Password Salt Rounds

Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...

4.1CVSS6AI score0.00073EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/05 9:54 p.m.5 views

Use of Password Hash With Insufficient Computational Effort

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash function. An attacker can significantly reduce the time required to crack passwor...

5.6CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/05 9:54 p.m.10 views

Flowise has Insufficient Password Salt Rounds

Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...

5.6CVSS6AI score0.00073EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.12 views

PT-2026-51776

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description The software uses bcrypt with a default salt round value of 5, resulting in only 32 iterations. This is significantly lower than the OWASP-recommended minimum of 10 rounds 1024 iterations. This...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References9
CVE
CVE
added 2025/11/25 7:59 p.m.21 views

CVE-2025-66017

CVE-2025-66017 affects the CGGMP family (CGGMP21 and CGGMP24). The vulnerability arises from improper use of presignatures in specific configurations, allowing signature forgery or reduced security. Affected details indicate that in CGGMP21 <= 0.6.3 and CGGMP24

8.2CVSS6.4AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/25 7:59 p.m.5 views

EUVD-2025-199640

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces...

8.2CVSS6.3AI score0.00181EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/08/12 11:0 a.m.8 views

The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions

Most security tools can't see what happens inside the browser, but that's where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/24 12:0 a.m.5 views

An Improved ChaCha Algorithm Based on Quantum Random Number

Due to the merits of high efficiency and strong security against timing and side-channel attacks, ChaCha has been widely applied in real-time communication and data streaming scenarios. However, with the rapid development of AI-assisted cryptanalysis and quantum computing technologies, there are...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.7 views

Differential Privacy Analysis of Decentralized Gossip Averaging under Varying Threat Models

Fully decentralized training of machine learning models offers significant advantages in scalability, robustness, and fault tolerance. However, achieving differential privacy DP in such settings is challenging due to the absence of a central aggregator and varying trust assumptions among nodes. I...

6.9AI score
Exploits0
Rows per page
Query Builder