9 matches found
CVE-2025-64097
NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...
CVE-2025-64097
NervesHub (OTA firmware management service) is affected by CVE-2025-64097 due to tokens used for user/API authentication having a predictable format from 1.0.0 up to 2.3.0. The root cause is insufficient entropy in tokens, allowing brute-forcing to gain unauthorized access to user accounts or API...
EUVD-2025-206329
NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...
EUVD-2016-1580
Malware in sbrugna...
SAGA: a Security Architecture for Governing AI Agentic Systems
Large Language Model LLM-based agents increasingly interact, collaborate, and delegate tasks to one another autonomously with minimal human interaction. Industry guidelines for agentic system governance emphasize the need for users to maintain comprehensive control over their agents, mitigating...
in kestasjk/webdiplomacy
✍️ Description According to previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. here an attacker can also do Bruteforce attacks to take control of users accounts. 🕵️♂️ Proof of Concept...
CVE-2016-10398
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens AuthTokens used by the Trusted Execution Environment TEE are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...
CVE-2016-10398
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens AuthTokens used by the Trusted Execution Environment TEE are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...
MD5 vulnerable to collision attacks
Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...