Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/03/20 8:31 a.m.22 views

CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2CVSS0.00225EPSS
Exploits1References2
NVD
NVD
added 2025/12/05 5:16 p.m.7 views

CVE-2025-66511

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

6.5CVSS0.00255EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:42 p.m.6 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00255EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.5 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

6.7AI score0.00529EPSS
Exploits1References3
CVE
CVE
added 2025/11/18 12:0 a.m.18 views

CVE-2025-55796

OpenML Frontend (openml.org) web app version v2.0.20241110 is affected by a token-generation flaw. Tokens used for signup confirmation, password resets, email confirmations/resends, and email changes are MD5-based and generated from the current timestamp (format "%d %H:%M:%S") without user-specif...

7.5CVSS6.7AI score0.00529EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder