Lucene search: 46 matches found

NVD
added 2026/05/21 8:16 a.m.

CVE-2026-44054

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

CVSS 6.5, EPSS 0.00117
Exploits: 0, References: 1
CVE
added 2026/05/21 7:34 a.m.

CVE-2026-44054

CVE-2026-44054 affects Netatalk 2.0.0 through 4.4.2, where AFP session tokens are derived from predictable data (process IDs), enabling a remote authenticated attacker to trigger denial of service via the reconnect mechanism. Debian and Alpine advisories align on the DoS impact and note fixes in ...

CVSS 6.5, AI score 5.8, EPSS 0.00117
Exploits: 0, References: 1
NVD
added 2026/05/07 3:16 p.m.

CVE-2026-41505

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key function and exam.py's gen_ticket_code function. This issue has been patched via commit 2f68e16...

CVSS 8.7, EPSS 0.00057
Exploits: 0, References: 2
CVE
added 2026/05/07 1:35 p.m.

CVE-2026-41505

RELATE is a web-based courseware package. Prior to commit 2f68e16, auth.py's make_sign_in_key() and exam.py's gen_ticket_code() generate predictable tokens, enabling potential exploitation across a network without user interaction. The issue is marked in CVSS 3.1 as HIGH (AV:N/AC:H/PR:N/UI:N/S:C/...

CVSS 8.7, AI score 5.7, EPSS 0.00057
Exploits: 0, References: 2
OSV
added 2026/03/06 6:45 p.m.

GHSA-9R75-G2CR-3H76 Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens

createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...

CVSS 5.3, AI score 6
Exploits: 0, References: 4
SUSE CVE
added 2026/03/05 2:03 p.m.

SUSE CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. The default session id generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS 9.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 3
NVD
added 2026/02/25 4:16 a.m.

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static and never expires or rotates, and if an attacker obtains...

CVSS 9.8, EPSS 0.00293
Exploits: 1, References: 3
CVE
added 2026/02/25 3:41 a.m.

CVE-2026-27637

FreeScout (Laravel-based) before version 1.8.206 is affected by two linked issues. CVE-2026-27637: the TokenAuth middleware uses a predictable token computed as MD5(user_id + created_at + APP_KEY). The token is static and, if an attacker obtains APP_KEY, they can generate a valid token for any us...

CVSS 9.8, AI score 5.6, EPSS 0.00293
Exploits: 1, References: 3, Affected software: 1
EUVD
added 2026/02/25 3:41 a.m.

EUVD-2026-8611

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static and never expires or rotates, and if an attacker obtains...

CVSS 9.8, AI score 5.7, EPSS 0.17266
Exploits: 4, References: 3
Vulnrichment
added 2026/02/25 3:41 a.m.

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static and never expires or rotates, and if an attacker obtains...

CVSS 9.8, AI score 5.7, EPSS 0.00293
Exploits: 1, References: 3
OSV
added 2026/02/25 3:41 a.m.

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static and never expires or rotates, and if an attacker obtains...

CVSS 9.8, AI score 5.8, EPSS 0.00293
Exploits: 1, References: 5
Cvelist
added 2026/02/25 3:41 a.m.

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static and never expires or rotates, and if an attacker obtains...

CVSS 9.8, EPSS 0.00293
Exploits: 1, References: 3
EUVD
added 2025/11/20 3:43 p.m.

EUVD-2025-198310

SOPlanning is vulnerable to predictable generation of password recovery tokens. Because the mechanism that generates recovery tokens is weak, an attacker can brute-force all possible values and take over any account in a reasonable amount of time. This issue was fixed in version 1.55...

CVSS 8.7, AI score 6.4, EPSS 0.00042
Exploits: 0, References: 3
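Added worked example (not code from FreeScout, Apache::Session, SOPlanning or any advisory in this listing): a small Python model of the two weak patterns the entries above describe, a token computed deterministically from user id, creation time and an application secret (the FreeScout entries), and a session id derived only from epoch time and process id (the Apache::Session entry), showing how small the search space becomes once those inputs are bounded and why SOPlanning-style brute force of a recovery token finishes quickly. A hardened token store follows for contrast. Every function name, the secret string, the user ids and the timestamps are made-up assumptions for illustration; the MD5-of-concatenation shape is taken from the entries, the concatenation details are not.

```python
# Added illustration, not code from FreeScout, Apache::Session or SOPlanning.
# All identifiers, keys, user ids and timestamps below are made-up assumptions.
import hashlib
import hmac
import math
import secrets
import time


# --- Weak pattern 1: token = MD5(user_id + created_at + secret), never rotated ---

def static_token(user_id, created_at, app_key):
    """Deterministic token: identical inputs always yield the identical token."""
    return hashlib.md5(f"{user_id}{created_at}{app_key}".encode()).hexdigest()


def server_accepts(token, users, app_key):
    """Model of a TokenAuth-style check: recompute each user's token and compare.
    users maps user_id -> created_at (epoch seconds). Returns user_id or None."""
    for uid, created_at in users.items():
        if hmac.compare_digest(token, static_token(uid, created_at, app_key)):
            return uid
    return None


def forge_token(leaked_key, target_uid, users, window_start, window):
    """Attacker holding the leaked secret guesses created_at over a bounded
    window; each guess is one login attempt against the modelled server.
    Returns (token, created_at) on success, None otherwise."""
    for guess in range(window_start, window_start + window):
        candidate = static_token(target_uid, guess, leaked_key)
        if server_accepts(candidate, users, leaked_key) == target_uid:
            return candidate, guess
    return None


# --- Weak pattern 2: session id from epoch time and process id ---

def weak_session_id(epoch, pid):
    """Toy id built only from values an observer can bound (time, PID)."""
    return hashlib.md5(f"{epoch}:{pid}".encode()).hexdigest()


def search_space_bits(window, pid_max):
    """Effective entropy of weak_session_id once time and PID are bounded."""
    return math.log2(window * pid_max)


def recover_session(target, epoch_start, window, pid_max):
    """Enumerate every (epoch, pid) pair in the bounded space. Returns the
    pair that reproduces target, or None if it lies outside the window."""
    for epoch in range(epoch_start, epoch_start + window):
        for pid in range(1, pid_max + 1):
            if weak_session_id(epoch, pid) == target:
                return epoch, pid
    return None


# --- Hardened alternative: random token, hashed at rest, expiring, optionally single-use ---

class TokenStore:
    """Issues 256-bit random tokens, keeps only their SHA-256, enforces a TTL."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, now + self.ttl)
        return token  # plaintext is handed out once and never stored

    def verify(self, token, now=None, single_use=False):
        """Returns user_id if token is known and unexpired, else None.
        single_use=True consumes it (password-reset / recovery semantics)."""
        now = time.time() if now is None else now
        digest = self._digest(token)
        row = self._rows.get(digest)
        if row is None:
            return None
        user_id, expires_at = row
        if now > expires_at:
            self._rows.pop(digest, None)  # drop the stale row
            return None
        if single_use:
            self._rows.pop(digest, None)
        return user_id


if __name__ == "__main__":
    KEY = "leaked-app-key"         # assumption: the application secret has leaked
    users = {7: 1_700_000_042}    # constructed: user 7 created at this epoch second
    print("forged:", forge_token(KEY, 7, users, 1_700_000_000, 3600))
    sid = weak_session_id(1_700_000_003, 4242)
    print("bits:", round(search_space_bits(60, 32768), 1))
    print("recovered:", recover_session(sid, 1_700_000_000, 5, 32768))
    store = TokenStore(ttl_seconds=60)
    t = store.issue(7, now=1000.0)
    print("valid:", store.verify(t, now=1030.0), "expired:", store.verify(t, now=1061.0))
```

The point of `search_space_bits` is the check a reviewer should apply to any token scheme: count the bits an attacker cannot bound. Sixty seconds of clock times a 15-bit PID range is about 21 bits, which is a few seconds of hashing, not a secret. The hardened store gets its unpredictability from `secrets`, stores only a digest so a database leak does not hand out live credentials, and limits lifetime so a token that does leak stops working on its own.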
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-7570

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.0006
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-42378

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00071
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-28704

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.5, EPSS 0.49839
Exploits: 0, References: 2
OSV
added 2025/06/21 1:15 a.m.

CVE-2025-6216

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password...

CVSS 9.8, AI score 7.5
Exploits: 0, References: 2
NVD
added 2025/06/21 1:15 a.m.

CVE-2025-6216

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password...

CVSS 9.8, EPSS 0.49839
Exploits: 0, References: 2
CVE
added 2025/06/21 12:08 a.m.

CVE-2025-6216

CVE-2025-6216 describes an authentication bypass in Allegra due to a flaw in the password recovery flow: the reset token is generated from a predictable value, enabling remote attackers to bypass login. Affected component is the Allegra password recovery/token generation logic (calculateTokenExpD...

CVSS 9.8, AI score 9.8, EPSS 0.49839
Exploits: 0, References: 2, Affected software: 1
NVD
added 2024/06/19 9:15 p.m.

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <= 8.4.0, a guest can perform PHP code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a write primitive that lets the guest inject PHP code into a PHP file...

CVSS 10, EPSS 0.00097
Exploits: 0, References: 1