Lucene search

9 matches found

ATTACKERKB
added 2026/01/22 2:57 p.m., 3 views

CVE-2025-64097

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

CVSS 9.5, AI score 5.5, EPSS 0.00422
Exploits 0, References 4, Affected Software 1
CVE
added 2026/01/22 2:57 p.m., 12 views

CVE-2025-64097

NervesHub (OTA firmware management service) is affected by CVE-2025-64097 due to tokens used for user/API authentication having a predictable format from 1.0.0 up to 2.3.0. The root cause is insufficient entropy in tokens, allowing brute-forcing to gain unauthorized access to user accounts or API...

CVSS 9.8, AI score 5.6, EPSS 0.00422
Exploits 0, References 3, Affected Software 1
EUVD
added 2026/01/22 2:57 p.m., 4 views

EUVD-2025-206329

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

CVSS 9.5, AI score 5.6, EPSS 0.00422
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-1580

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.0019
Exploits 0, References 2
Packet Storm News
added 2025/04/27 12:00 a.m., 4 views

SAGA: a Security Architecture for Governing AI Agentic Systems

Large Language Model (LLM)-based agents increasingly interact, collaborate, and delegate tasks to one another autonomously with minimal human interaction. Industry guidelines for agentic system governance emphasize the need for users to maintain comprehensive control over their agents, mitigating...

AI score 6.8
Exploits 0
Huntr
added 2021/07/23 2:58 p.m., 11 views

in kestasjk/webdiplomacy

✍️ Description: According to the previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. Here an attacker can also do brute-force attacks to take control of users' accounts. 🕵️‍♂️ Proof of Concept...

AI score 0.8
Exploits 0
NVD
added 2017/07/17 1:18 p.m., 19 views

CVE-2016-10398

Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...

CVSS 7.2, AI score 6.4, EPSS 0.0019
Exploits 0, References 1
Cvelist
added 2017/07/14 5:00 p.m., 21 views

CVE-2016-10398

Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...

AI score 6.4, EPSS 0.0019
Exploits 0, References 1
CERT
added 2008/12/31 12:00 a.m., 21 views

MD5 vulnerable to collision attacks

Overview: Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description: A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...

AI score 6.8
Exploits 0, References 7