19 matches found
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
EUVD-2021-21339
Malware in sbrugna...
EUVD-2021-21337
Malware in sbrugna...
EUVD-2021-21338
Malware in sbrugna...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
CVE-2021-34689
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
CVE-2021-34689
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
CVE-2021-34689
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
Information disclosure
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34689
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34689
Affected product: iDrive RemotePC on Windows. Version affected: prior to 7.6.48. Vulnerability type: information disclosure due to a flaw that allows a locally authenticated attacker to read the system’s Personal Key from world-readable log files in %PROGRAMDATA%. Root cause: Personal Key written...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
IDrive Log Information Disclosure Vulnerability
IDrive is a suite of cloud backup and cloud storage service solutions from US-based IDrive. A log information disclosure vulnerability exists in iDrive RemotePC versions prior to 7.6.48, where a locally authenticated attacker can read the system's personal key...
iDrive RemotePC Trust Management Issue Vulnerability
iDrive RemotePC is remote control software from iDrive, Inc. A trust management issue vulnerability exists in iDrive RemotePC versions prior to 7.6.48 on Windows, where a locally authenticated attacker can read an encrypted version of the system's personal key in an owner-readable %PROGRAMDATA% l...
GSA Bounty: CSRF in generating a new Personal Key
Hello team, I would like to report a CSRF which would allow an attacker to change a user's personal key. Vulnerable URL- staging.login.gov POC- Use the following HTML form for performing the CSRF attack- history.pushState'', '', '/' This will redirect you to...