Exploit for CVE-2026-30944
CVE-2026-30944 StudioCMS Privilege Escalation via Insecure...
StudioCMS has Privilege Escalation via Insecure API Token Generation
Summary: The /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target us...
CVE-2026-30944 StudioCMS Affected by Privilege Escalation via Insecure API Token Generation
StudioCMS is a server-side-rendered, Astro-native, headless content management system. Prior to 0.4.0, the /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with at least the Editor role to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to...
EUVD-2025-206092
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...
EUVD-2018-6603
Malware in sbrugna...
EUVD-2022-48640
Malicious code in bioql PyPI...
CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...
CVE-2023-32549 Landscape insecure token generation
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...
Golf Cross-Site Request Forgery Vulnerability
Golf is a fast, simple, and lightweight web framework for individual developers at Peixuan Ding. Golf suffers from a cross-site request forgery vulnerability that stems from an insecurely generated CSRF token. An attacker can exploit this vulnerability to predict CSRF tokens...
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...
CVE-2018-14709
CVE-2018-14709 affects Drobo 5N2 NAS (Dashboard API) where insecure token generation allows authentication bypass. Public details in the provided documents indicate remote command injection via the NASd service, enabling attackers to perform actions such as querying device status, installing appl...