10 matches found
Exploit for CVE-2026-30944
🔓 CVE-2026-30944 StudioCMS Privilege Escalation via Insecure...
EUVD-2025-206092
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is an open source calendar application for Nextcloud. It is affected by a security signature issue that stems from the insecure generation of meeting proposal participant tokens, which an attacker can exploit to cause the tokens to be computed...
EUVD-2018-6603
Malware in sbrugna...
EUVD-2022-48640
Malicious code in bioql PyPI...
CVE-2023-32549 Landscape insecure token generation
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...
Golf Cross-Site Request Forgery Vulnerability
Golf is a fast, simple, and lightweight web framework for individual developers at Peixuan Ding. Golf suffers from a cross-site request forgery vulnerability that stems from an insecurely generated CSRF token. An attacker can exploit this vulnerability to predict CSRF tokens...
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...
CVE-2018-14709
CVE-2018-14709 affects Drobo 5N2 NAS (Dashboard API) where insecure token generation allows authentication bypass. Public details in the provided documents indicate remote command injection via the NASd service, enabling attackers to perform actions such as querying device status, installing appl...