CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Snyk•added 2026/05/14 2:57 p.m.•4 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute...

9.9CVSS6AI score

Exploits0References2

CVE•added 2026/01/20 7:56 p.m.•11 views

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

6.5CVSS5.4AI score0.0005EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/01/20 7:56 p.m.•11 views

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

0.0005EPSS

Exploits0References3

Positive Technologies•added 2026/01/20 12:0 a.m.•4 views

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...

6.5CVSS5.3AI score0.0005EPSS

Exploits0References9