30 matches found

CNNVD
added 2026/04/20 12:00 a.m. · 4 views

Nginx UI security vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.5 contained security vulnerabilities. These vulnerabilities stemmed from WebSocket endpoints that did not validate the request origin and from insecure storage of authentication tokens, which could lead to cross-site...

CVSS 8.1 · AI score 5.7 · EPSS 0.00043
Exploits 1 · References 1
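The check whose absence the Nginx UI entry describes, as an added example in Python; this is not Nginx UI's code. A browser always sends an Origin header on a WebSocket handshake, and a cookie-authenticated endpoint that does not match it exactly against an allow-list can be driven from any site the victim visits (cross-site WebSocket hijacking). The allow-list, header dictionaries and function names below are constructed for illustration; the substring-match variant is shown because it is a common way such a check ends up bypassable.

```python
"""Added example, not Nginx UI code: Origin validation on a WebSocket handshake.
All hostnames, headers and names are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed allow-list; a real deployment derives this from its configured base URL.
ALLOWED_ORIGINS = {"https://nginx-ui.example.internal"}


def _normalize_origin(origin: str):
    """Reduce an Origin value to lowercase scheme://host[:port], or None if unparsable."""
    try:
        parts = urlsplit(origin)
        host, port = parts.hostname, parts.port  # .port raises ValueError on junk
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    default = 443 if parts.scheme == "https" else 80
    if port in (None, default):
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


_NORMALIZED_ALLOWED = {_normalize_origin(o) for o in ALLOWED_ORIGINS}


def origin_check_vulnerable(headers: dict) -> bool:
    """Bypassable: substring match lets https://nginx-ui.example.internal.attacker.tld through."""
    origin = headers.get("Origin", "")
    return any(allowed in origin for allowed in ALLOWED_ORIGINS)


def origin_check_fixed(headers: dict) -> bool:
    """Exact match after normalization; missing or opaque Origin is treated as cross-site."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if h.get("upgrade", "").lower() != "websocket":
        return False  # not a WebSocket handshake at all
    origin = h.get("origin")
    if origin is None or origin == "null":
        # Browsers always send Origin on a WebSocket handshake, so on an endpoint
        # authenticated by session cookie its absence is not a same-site request.
        return False
    normalized = _normalize_origin(origin)
    return normalized is not None and normalized in _NORMALIZED_ALLOWED


# Constructed handshakes: the victim's own UI versus an attacker-controlled page.
SAME_SITE_HANDSHAKE = {
    "Upgrade": "websocket",
    "Origin": "https://nginx-ui.example.internal",
    "Cookie": "session=constructed",
}
CROSS_SITE_HANDSHAKE = {
    "Upgrade": "websocket",
    "Origin": "https://nginx-ui.example.internal.attacker.tld",
    "Cookie": "session=constructed",  # browser attaches the victim's cookie automatically
}
```

The fixed check rejects a missing Origin on purpose: non-browser clients that legitimately omit it should authenticate with a bearer token rather than a cookie, which also removes the cross-site vector.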
Cvelist
added 2026/04/15 11:25 p.m. · 31 views

CVE-2026-4880 Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

CVSS 9.8 · EPSS 0.00076
Exploits 0 · References 3

Vulnrichment
added 2026/04/15 11:25 p.m. · 1 view

CVE-2026-4880 Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

CVSS 9.8 · AI score 5.8 · EPSS 0.00076
Exploits 0 · References 3

ATTACKERKB
added 2026/04/15 11:25 p.m. · 4 views

CVE-2026-4880

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

CVSS 9.8 · AI score 5.8 · EPSS 0.00076
Exploits 0 · References 4

CVE
added 2026/04/15 11:25 p.m. · 4 views

CVE-2026-4880

The CVE concerns the WordPress plugin Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS, affected up to version 1.11.0. The root cause is insecure token-based authentication: the plugin trusts a user-supplied Base64-encoded user ID in the token parameter to ide...

CVSS 9.8 · AI score 5.8 · EPSS 0.00076
Exploits 0 · References 3
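The flaw class behind CVE-2026-4880, as an added example in Python rather than the plugin's PHP; this is not the plugin's code. The entries above say the plugin trusts a user-supplied Base64-encoded user ID in the token parameter, so the token carries no proof that the server issued it. The block shows that vulnerable resolver, the forgery it permits, and a replacement that binds the user ID to a server-held secret with an HMAC and compares in constant time. The user table, secret, token layout and function names are constructed for illustration.

```python
"""Added example, not the plugin's code: base64(user_id) as a token versus an
HMAC-bound token. Users, secret and layout are constructed for illustration."""
import base64
import hashlib
import hmac
import secrets

USERS = {1: "administrator", 7: "shop_manager", 42: "customer"}  # constructed
TAG_LEN = 32  # SHA-256 digest length
SERVER_SECRET = secrets.token_bytes(32)  # constructed; persisted per site in practice


def vulnerable_resolve_user(token: str):
    """Vulnerable: decode the token and trust whatever user ID it contains."""
    try:
        user_id = int(base64.b64decode(token).decode())
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueError subclasses
        return None
    return user_id if user_id in USERS else None


def forge_token(user_id: int) -> str:
    """What an unauthenticated attacker sends: no secret is needed to mint it."""
    return base64.b64encode(str(user_id).encode()).decode()


def issue_token(user_id: int, secret: bytes = SERVER_SECRET) -> str:
    """Fixed: urlsafe_b64(user_id || HMAC-SHA256(secret, user_id))."""
    payload = str(user_id).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def secure_resolve_user(token: str, secret: bytes = SERVER_SECRET):
    """Fixed: verify the tag before believing the user ID; constant-time compare."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    if len(raw) <= TAG_LEN:  # no room for both a payload and a tag
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        user_id = int(payload.decode())
    except ValueError:
        return None
    return user_id if user_id in USERS else None


def tamper(token: str, new_user_id: int) -> str:
    """Attacker keeps a stolen valid tag but swaps in a different user ID."""
    raw = base64.urlsafe_b64decode(token)
    return base64.urlsafe_b64encode(str(new_user_id).encode() + raw[-TAG_LEN:]).decode()
```

A signed token still needs expiry and revocation; the point here is only that the identity claim must be unforgeable without the server secret.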
GithubExploit
added 2026/03/11 12:53 a.m. · 154 views

Exploit for CVE-2026-30944

🔓 CVE-2026-30944 StudioCMS Privilege Escalation via Insecure...

CVSS 8.8 · AI score 5.8 · EPSS 0.00058
Exploits 3

Github Security Blog
added 2026/03/10 6:16 p.m. · 2 views

StudioCMS has Privilege Escalation via Insecure API Token Generation

Summary: The /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target us...

CVSS 8.8 · AI score 5.9 · EPSS 0.00058
Exploits 3 · References 7 · Affected Software 1

OSV
added 2026/03/10 4:48 p.m. · 1 view

CVE-2026-30944 StudioCMS Affected by Privilege Escalation via Insecure API Token Generation

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...

CVSS 8.8 · AI score 5.8 · EPSS 0.00058
Exploits 3 · References 5

Cvelist
added 2026/03/10 4:48 p.m. · 26 views

CVE-2026-30944 StudioCMS Affected by Privilege Escalation via Insecure API Token Generation

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...

CVSS 8.8 · EPSS 0.00058
Exploits 3 · References 3
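The missing authorization check the StudioCMS entries describe, as an added example in Python; this is not StudioCMS code and does not reproduce its handler. The advisory says the endpoint verified that the caller was at least Editor and then minted a token for whichever user the request named. The block shows that role-only gate next to a handler that also enforces the object-level rule that a user may only create tokens for their own account. Role names, user IDs, the request body shape and the `attempt` helper are hypothetical.

```python
"""Added example, not StudioCMS code: role check without an object-level
authorization check, next to the fixed handler. All names are hypothetical."""
import hashlib
import secrets

ROLE_RANK = {"visitor": 0, "editor": 1, "admin": 2, "owner": 3}
# Constructed accounts: user_id -> role
USERS = {"u-owner": "owner", "u-admin": "admin", "u-editor": "editor", "u-visitor": "visitor"}
TOKEN_STORE: dict = {}  # sha256(token) -> user_id; raw tokens are never stored


class Forbidden(Exception):
    pass


def _mint(user_id: str) -> str:
    """Issue a fresh CSPRNG token and record its hash against the account it acts as."""
    token = secrets.token_urlsafe(32)
    TOKEN_STORE[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token


def _require_at_least(requester_id: str, role: str) -> None:
    if ROLE_RANK[USERS[requester_id]] < ROLE_RANK[role]:
        raise Forbidden(f"{role} or above required")


def create_token_vulnerable(requester_id: str, body: dict) -> str:
    """Authenticates the caller and checks their role, but never asks whether the
    caller may act on body['userId']: an Editor can mint a token for the owner."""
    _require_at_least(requester_id, "editor")
    return _mint(body["userId"])


def create_token_fixed(requester_id: str, body: dict) -> str:
    """Same role gate, plus the object-level rule: tokens only for your own account."""
    _require_at_least(requester_id, "editor")
    target = body.get("userId", requester_id)
    if target != requester_id:
        raise Forbidden("cannot create tokens for another user")
    return _mint(requester_id)  # use the session identity, not the request body


def resolve(token: str):
    """Which account a presented token acts as, or None."""
    return TOKEN_STORE.get(hashlib.sha256(token.encode()).hexdigest())


def attempt(handler, requester_id: str, body: dict):
    """Run a handler and report which account the resulting token acts as (None if refused)."""
    try:
        return resolve(handler(requester_id, body))
    except Forbidden:
        return None
```

If an administrative "mint on behalf of" feature is genuinely needed, it should be a separate endpoint gated on the owner or admin role, logged, and never reachable through the self-service path.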
EUVD
added 2025/12/31 9:52 p.m. · 4 views

EUVD-2025-206092

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVSS 9.3 · AI score 6.3 · EPSS 0.00084
Exploits 1 · References 5

CNVD
added 2025/12/10 12:00 a.m. · 1 view

Nextcloud Calendar Security Feature Issue Vulnerability

Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar has a security feature issue that stems from an insecure way of generating meeting proposal participant tokens, which an attacker could exploit, as the tokens can be computed...

CVSS 6.5 · AI score 6.8 · EPSS 0.00023
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-6603

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.00623
Exploits 5 · References 4

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-48640

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00374
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-12603

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.01568
Exploits 1 · References 2

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-1718

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.6 · EPSS 0.00145
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:19 a.m. · 4 views

CVE-2022-45782

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...

CVSS 8.8 · AI score 6.9 · EPSS 0.00374
Exploits 0 · References 1

CNNVD
added 2025/01/30 12:00 a.m. · 2 views

Rockwell Automation FactoryTalk AssetCentre security vulnerability

Rockwell Automation FactoryTalk AssetCentre is an application from Rockwell Automation, Inc. It provides centralized tools for protecting, managing, versioning, tracking, and reporting information about automation-related assets throughout the plant. A security vulnerability exists in versions...

CVSS 9.8 · AI score 6.5 · EPSS 0.00145
Exploits 0 · References 1

Positive Technologies
added 2025/01/15 12:00 a.m. · 3 views

PT-2025-3925 · Rockwell Automation · Factorytalk Assetcentre

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001
Description: A data exposure issue exists due to insecure storage of FactoryTalk Security user tokens, which could allow a threat actor to steal a token and impersonate...

CVSS 9.3 · AI score 7 · EPSS 0.01431
Exploits 0 · References 10
CNNVD
added 2024/03/15 12:00 a.m. · 1 view

IBM Sterling Secure Proxy security vulnerability

IBM Sterling Secure Proxy is an application proxy from International Business Machines (IBM) that is used to ensure the secure transfer of files in an organization's demilitarized zone (DMZ). An information disclosure vulnerability exists in IBM Sterling Secure Proxy that stems from not setting a...

CVSS 4.3 · AI score 6 · EPSS 0.00036
Exploits 0 · References 3

Vulnrichment
added 2023/06/06 3:07 p.m. · 8 views

CVE-2023-32549 Landscape insecure token generation

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...

CVSS 6.8 · AI score 7 · EPSS 0.00257
Exploits 1 · References 1
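The bug class shared by the dotCMS entry (CVE-2022-45782, password-reset tokens from an insecure random generator) and the Landscape entry (CVE-2023-32549, keys from a weak pseudo-random generator), as an added example in Python; this is neither project's code. The weak generator here is Python's Mersenne Twister seeded from Unix time in seconds, which is an assumed seeding scheme chosen to make the attack concrete: an attacker who can bound when the victim's reset was requested enumerates every seed in that window and obtains a small candidate set that contains the real token. The `secrets` version has no seed to guess. Token alphabet, length and window are constructed values.

```python
"""Added example, not dotCMS or Landscape code: predicting a reset token drawn
from a seeded non-cryptographic PRNG, versus an OS CSPRNG. The time-based
seeding is an assumption for illustration."""
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed token alphabet
TOKEN_LEN = 20


def weak_reset_token(seed: int) -> str:
    """Vulnerable: Mersenne Twister output is a pure function of the seed,
    so a low-entropy seed (here, a timestamp) makes the token enumerable."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LEN))


def strong_reset_token() -> str:
    """Fixed: 32 bytes from the OS CSPRNG; no seed exists to recover."""
    return secrets.token_urlsafe(32)


def candidate_tokens(approx_time: int, window: int) -> set:
    """Attacker: regenerate the token for every seed within +/- window seconds of
    the time the victim's reset e-mail was triggered (an attacker can trigger it)."""
    return {weak_reset_token(s) for s in range(approx_time - window, approx_time + window + 1)}


def attack_succeeds(token: str, approx_time: int, window: int = 300) -> bool:
    """True if the real token is in the attacker's candidate set, i.e. a few
    hundred reset attempts suffice for account takeover."""
    return token in candidate_tokens(approx_time, window)


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed: second at which the server seeded
    token = weak_reset_token(issued_at)
    print("weak token recoverable:", attack_succeeds(token, issued_at + 37))
    print("strong token recoverable:", attack_succeeds(strong_reset_token(), issued_at + 37))
```

Seeding with higher-resolution time or process IDs only enlarges the window slightly; the fix is a CSPRNG, and for reset links also a short lifetime and single use.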