3051 matches found

ATTACKERKB
added 2026/02/25 2:45 p.m. | 4 views

CVE-2026-2878

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00013
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/02/25 4:16 a.m. | 3 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS: 9.8 | EPSS: 0.00293
Exploits: 1 | References: 3

CVE
added 2026/02/25 3:41 a.m. | 7 views

CVE-2026-27637

FreeScout (Laravel-based) before version 1.8.206 is affected by two linked issues. CVE-2026-27637: the TokenAuth middleware uses a predictable token computed as MD5(user_id + created_at + APP_KEY). The token is static and, if an attacker obtains APP_KEY, they can generate a valid token for any us...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.00293
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/02/25 3:41 a.m. | 3 views

EUVD-2026-8611

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.17266
Exploits: 4 | References: 3

Vulnrichment
added 2026/02/25 3:41 a.m. | 4 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00293
Exploits: 1 | References: 3

OSV
added 2026/02/25 3:41 a.m. | 2 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00293
Exploits: 1 | References: 5

Cvelist
added 2026/02/25 3:41 a.m. | 20 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS: 9.8 | EPSS: 0.00293
Exploits: 1 | References: 3

Positive Technologies
added 2026/02/25 12:0 a.m. | 3 views

PT-2026-21919

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00013
Exploits: 0 | References: 2

OSV
added 2026/02/24 4:24 p.m. | 1 view

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVSS: 9.1 | AI score: 5.8
Exploits: 0 | References: 2

NVD
added 2026/02/24 4:24 p.m. | 5 views

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVSS: 9.3 | EPSS: 0.00046
Exploits: 0 | References: 2

Cvelist
added 2026/02/24 3:4 p.m. | 17 views

CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVSS: 9.3 | EPSS: 0.00046
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/24 3:4 p.m. | 2 views

CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00046
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:0 a.m. | 4 views

Binardat 10G08-0800GSM Security Feature Vulnerability

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. Versions of the Binardat 10G08-0800GSM network switch prior to V300SP10260209 have a security feature vulnerability. The vulnerability stems from the web management interface generating...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/24 12:0 a.m. | 5 views

PT-2026-21753

Name of the Vulnerable Software and Affected Versions: Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209. Description: The web management interface generates predictable numeric session identifiers. This predictability allows an attacker to guess valid session IDs,...

CVSS: 9.3 | AI score: 5.2 | EPSS: 0.00046
Exploits: 0 | References: 10

Snyk
added 2026/02/20 9:31 p.m. | 3 views

Generation of Predictable Numbers or Identifiers

Overview: google-cloud-aiplatform is a Vertex AI API client library. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers for Cloud Storage buckets. An attacker can execute code remotely, steal models, or poison data by pre-creating buckets with...

CVSS: 9.2 | AI score: 6.1 | EPSS: 0.00313
Exploits: 1 | References: 2

GitHub Security Blog
added 2026/02/20 9:31 p.m. | 8 views

Google Cloud Vertex AI has a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVSS: 7.7 | AI score: 6 | EPSS: 0.00313
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/20 7:39 p.m. | 2 views

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.00313
Exploits: 1 | References: 1

CVE
added 2026/02/19 5:18 p.m. | 9 views

CVE-2026-2817

CVE-2026-2817 affects Spring Data Geode. The issue arises from using an insecure directory during snapshot imports: archives are extracted to predictable, overly permissive locations in the system temp directory. On shared hosts, a local user with basic privileges can access another user’s extrac...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.0002
Exploits: 0 | References: 1

Malwarebytes
added 2026/02/19 2:46 p.m. | 4 views

AI-generated passwords are a security risk

Using Artificial Intelligence (AI) to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords (words, phrases, patterns) with automated tools until one ...

AI score: 5.6
Exploits: 0

NVD
added 2026/02/19 7:17 a.m. | 4 views

CVE-2025-13079

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it...

CVSS: 5.3 | EPSS: 0.00095
Exploits: 0 | References: 4