46 matches found

Cvelist
added 2026/03/12 1:2 p.m. · 22 views

CVE-2026-0809 Weak KSeF token encoding in Streamsoft Prestiż

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with known values are encoded. This issue was fixed in version 20.0.380.92...

CVSS 6.3 · EPSS 0.00061
Exploits 0 · References 2
CVE
added 2026/03/12 1:2 p.m. · 1 views

CVE-2026-0809

CVE-2026-0809 concerns Streamsoft Prestiż. The vulnerability arises from a weak, custom token encoding algorithm used by the software, which enables an attacker to guess the KSeF (Krajowy System e‑Faktur) token after analyzing how tokens with known values are encoded. The issue affects Streamsoft...

CVSS 6.3 · AI score 5.8 · EPSS 0.00061
Exploits 0 · References 2
CNNVD
added 2026/03/12 12:0 a.m. · 2 views

Streamsoft Prestiz security vulnerability

Streamsoft Prestiz is an ERP system for the plastics industry developed by Streamsoft Corporation. Streamsoft Prestiz has a security vulnerability that stems from the use of a custom token encoding algorithm. This vulnerability may allow an attacker to guess the value of KSeF tokens after analyzi...

CVSS 6.3 · AI score 5.8 · EPSS 0.00061
Exploits 0 · References 2
Github Security Blog
added 2026/03/06 6:45 p.m. · 2 views

Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens

createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...

AI score 6
Exploits 0 · References 4 · Affected Software 2
Snyk
added 2026/03/06 6:45 p.m. · 1 views

Weak Password Recovery Mechanism for Forgotten Password

Overview: @workflow/core is a core runtime and engine for Workflow DevKit. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the createWebhook function. An attacker can gain unauthorized access to workflow execution by guessing predictab...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 2
EUVD
added 2026/03/05 9:59 p.m. · 3 views

EUVD-2026-9910

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 9.8 · AI score 5.9 · EPSS 0.00202
Exploits 0 · References 3
RedhatCVE
added 2026/02/04 7:27 p.m. · 2 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · AI score 5.3 · EPSS 0.00049
Exploits 0 · References 1
NVD
added 2026/02/03 7:16 p.m. · 4 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · EPSS 0.00049
Exploits 0 · References 1
OSV
added 2026/02/03 7:16 p.m. · 0 views

UBUNTU-CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · AI score 5.7 · EPSS 0.00049
Exploits 0 · References 3
ATTACKERKB
added 2026/02/03 6:29 p.m. · 2 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · AI score 5.3 · EPSS 0.00049
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/02/03 6:29 p.m. · 3 views

EUVD-2026-5200

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · AI score 5.3 · EPSS 0.00049
Exploits 0 · References 1
Cvelist
added 2026/02/03 6:29 p.m. · 24 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

CVSS 8.2 · EPSS 0.00049
Exploits 0 · References 1
CNNVD
added 2026/02/03 12:0 a.m. · 2 views

pearweb security vulnerability

PearWeb is a PHP extension and application repository developed by PEAR. Versions prior to pearweb 1.33.0 contained security vulnerabilities. These vulnerabilities stemmed from predictable verification hashing, which could allow attackers to guess verification tokens and potentially unauthorized...

CVSS 8.2 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 2
Positive Technologies
added 2025/12/05 12:0 a.m. · 3 views

PT-2025-49266

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

CVSS 4.8 · AI score 6.7 · EPSS 0.00023
Exploits 0 · References 5
Positive Technologies
added 2025/10/30 12:0 a.m. · 2 views

PT-2025-44424

Name of the Vulnerable Software and Affected Versions: 2nd Line Android App versions v1.2.92 and earlier. Description: The 2nd Line Android App has an issue with how it controls access during authentication. The server only checks the first character of the user token, which allows attackers to gues...

CVSS 7.5 · AI score 6.3 · EPSS 0.00062
Exploits 0 · References 3
RedhatCVE
added 2025/10/07 4:33 a.m. · 1 views

CVE-2025-59425

A flaw was found in vLLM's API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication. Mitigation: Mitigation for this issue is either not available...

CVSS 7.5 · AI score 6.3 · EPSS 0.00298
Exploits 1 · References 3
Tenable Nessus
added 2025/09/03 12:0 a.m. · 1 views

UUID/GUID Version 1 Detected

This is an informational plugin to inform the user that the scanner has detected a UUID/GUID version 1. UUID/GUID version 1 contains the MAC address of the computer that generated it, as well as a timestamp. This means that if an attacker can obtain a UUID/GUID version 1, they can infer host...

AI score 6.9
Exploits 0 · References 1
RedhatCVE
added 2025/06/14 3:15 p.m. · 2 views

CVE-2025-49198

The Media Server's authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 3.1 · AI score 3.8 · EPSS 0.00295
Exploits 0 · References 1
NVD
added 2025/06/12 3:15 p.m. · 5 views

CVE-2025-49198

The Media Server's authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 7.5 · EPSS 0.00295
Exploits 0 · References 6
CVE
added 2025/06/12 2:24 p.m. · 35 views

CVE-2025-49198

CVE-2025-49198 concerns SICK Media Server, where authorization tokens use poor randomness, enabling token-guessing attempts. Documents confirm the affected component as SICK Media Server (and related SICK Field Analytics in some sources). Impact is described as potential confidentiality risk due t...

CVSS 7.5 · AI score 7 · EPSS 0.00295
Exploits 0 · References 6 · Affected Software 1