Lucene search
+L

139 matches found

CVE
CVE
added last week32 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score0.00376EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56278 Flowise - Session Hijacking via Weak Default Express Session Secret

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...

9.3CVSS6AI score0.0036EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38746

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56269

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 11:53 a.m.11 views

CVE-2026-56269

Flowise before 3.1.0 (npm package flowise;

4.6CVSS5.8AI score0.00093EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/12 4:16 p.m.19 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS0.00226EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/12 2:57 p.m.12 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0
EUVD
EUVD
added 2026/06/12 2:57 p.m.11 views

EUVD-2026-36470

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 2:57 p.m.29 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 2:57 p.m.2 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48921

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description The software uses a weak default algorithm and an insufficient number of iterations. The default algorithm is HMAC-SHA1, which is intended only for legacy systems. Additionally, the default...

5.3CVSS5.2AI score0.00226EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be...

5.3CVSS6.1AI score0.00226EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.5AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 12:30 p.m.17 views

EUVD-2026-32860

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 9:2 a.m.9 views

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 9:2 a.m.37 views

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 9:2 a.m.29 views

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 9:22 p.m.4 views

GHSA-M7MQ-85XJ-9X33 Flowise: Weak Default Token Hash Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 | | Practical Exploitability | Medium | | Developer Approver | [email protected] | Description The encryption key for token encryption has a weak...

5.6CVSS5.9AI score0.00093EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 9:22 p.m.5 views

Flowise: Weak Default Express Session Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/middleware/passport/index.ts:55 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description Express session secret has a weak default value...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/16 9:22 p.m.7 views

GHSA-2QQC-P94C-HXWH Flowise: Weak Default Express Session Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/middleware/passport/index.ts:55 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description Express session secret has a weak default value...

5.6CVSS6AI score0.0036EPSS
Exploits0References2
Rows per page
Query Builder