EUVD-2025-203407

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUSLOGONFAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the netwo...

Directus's conceal fields are searchable if read permissions enabled

Summary A vulnerability allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Details The system permits sear...

GHSA-8JPW-GPR4-8CMH Directus's conceal fields are searchable if read permissions enabled

Summary A vulnerability allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Details The system permits sear...

EUVD-2021-24185

Malware in sbrugna...

EUVD-2021-19499

Malware in sbrugna...

CVE-2023-39349

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVE-2021-37629

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

RWS WorldServer 11.7.3 - Session Token Enumeration

Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...

RWS WorldServer 安全特征问题漏洞

RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer version 11.7.3 and earlier, which stems from the presence of a session token enumeration issue...

RWS WorldServer 11.7.3 - Session Token Enumeration

Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...

RWS WorldServer 11.7.3 Session Token Enumeration

Advisory: Session Token Enumeration in RWS WorldServer Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0 Vulnerabili...

SUSE CVE-2021-32703

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

SUSE CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

SUSE CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

CVE-2021-37629

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Richdocuments, which stems from the fact that there is no rate limitation on Richdocuments OCS...

Nextcloud 信息泄露漏洞

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not...

Design/Logic Flaw

The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm

The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

Unspecified vulnerability in Nextcloud (CNVD-2021-51803)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3 can be exploited by an attacker to enumerate potentially valid...