22 matches found
CVE-2025-67504
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...
WBCE CMS Security Feature Issue Vulnerability
WBCE CMS is a PHP and MySQL based open source content management system (CMS) from WBCE CMS Open Source. A security feature issue vulnerability exists in WBCE CMS version 1.6.4 and earlier, which stems from an insecure password generation function that could lead to password prediction or brute for...
EUVD-2025-28745
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
EUVD-2022-3952
Malicious code in bioql PyPI...
CVE-2019-25061
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
CVE-2023-47352
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords...
Technicolor TC8715D Security Vulnerability
The Technicolor TC8715D is a wireless router from the French company Technicolor. A security vulnerability exists in the Technicolor TC8715D. An attacker can exploit this vulnerability to predict passwords...
b2evolution Security Feature Issue Vulnerability
b2evolution is a community content management system based on PHP and MySQL. A security signature issue vulnerability exists in b2evolution 7.2.3 and earlier versions, which stems from the ability to predict any user's password through the use of a bad random function, which can be exploited by a...
Insecure PRNG use in random_password_generator
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
GHSA-GGFX-H9XJ-5V9C Insecure PRNG use in random_password_generator
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
CVE-2019-25061
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
CVE-2019-25061
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
Design/Logic Flaw
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
Inadequate Encryption Strength
Overview: random_password_generator generates a random password with various useful options. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of Kernel#rand to generate passwords, which, as a result of its cyclic nature, can facilitate password...
CVE-2019-25061
The random_password_generator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...
CVE-2019-25061
The CVE affects the Ruby gem random_password_generator (up to version 1.0.0). The root cause is the use of Kernel#rand to generate passwords, which exhibits a cyclic behavior that can lead to password prediction. Documented impacts include potential exposure of generated passwords due to predicta...
OmniAuth Ruby gem Security Vulnerability
The OmniAuth Ruby gem is an authentication system that uses Rack middleware. Ruby gem 1.0.0 and earlier versions have a security vulnerability in random_password_generator aka RandomPasswordGenerator, which can be exploited by an attacker to facilitate password prediction...
CVE-2021-36171
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...
CVE-2021-36171
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...
Kaspersky Password Manager Encryption Problem Vulnerability
Kaspersky Password Manager is an application from the Russian company Kaspersky. It provides a function to manage passwords. Kaspersky Password Manager suffers from a cryptographic vulnerability that arises from a password generator feature that allows an attacker to predict the passwords that wi...