10 matches found
GHSA-9R75-G2CR-3H76 Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...
CVE-2025-64097
NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...
CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force
NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...
Zyxel GS1900 Security Features Vulnerability
The Zyxel GS1900 is a managed switch from China Hopkins Zyxel. A security signature issue vulnerability exists in the Zyxel GS1900-10HP V2.80AAZI.0C0 version, which stems from improper use of a random function with low entropy when generating Web authentication tokens...
WordPress Plugin WP All Export Pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Bravo Tejari Web Portal - Cross-Site Request Forgery Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attac...
Bravo Tejari Web Portal Cross Site Scripting
Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access...
Tejari Cross Site Request Forgery
Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access...
Detect slident and/or fake identd
The remote ident server returns random token instead of leaking real user IDs. This is a good thing. OpenVAS Vulnerability Test $Id: slident.nasl 7052 2017-09-04 11:50:51Z teissa $ Detect slident and or fake identd Authors: Michel Arboi Copyright: Copyright C 2005 Michel Arboi This program is fre...
slident / fake identd Detection
The remote ident/authd server returns random tokens instead of leaking real user IDs this is a good thing. It may be slidentd or some other fake identd. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid18373; scriptversion "$Revision: 1.17 $"; scriptcvsdate"$Date:...