38 matches found

Github Security Blog
added 2026/05/26 11:08 p.m., 10 views

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDF_expand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte...

5.8 AI score
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/05/18 5:31 p.m., 6 views

CVE-2026-8700

A flaw was found in perl-Crypt-DSA. This vulnerability occurs because the software generates cryptographic seeds using Perl's built-in rand function, which is predictable and unsuitable for security-sensitive operations. An attacker could potentially leverage this predictability to weaken the...

7.3 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits 0, References 2

Cvelist
added 2026/04/10 6:59 p.m., 16 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5 CVSS, 0.00044 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/04/10 6:59 p.m., 2 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/04/10 12:00 a.m., 2 views

PT-2026-32024

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + user id 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + user id5 - 10000. An attacker wh...

7.5 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 4

Snyk
added 2026/03/31 10:31 p.m., 1 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 0, References 2

CNNVD
added 2026/03/19 12:00 a.m., 4 views

wolfSSL (CyaSSL) security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the lack of necessary encryption steps in the TLS...

2.7 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-10138

Malware in sbrugna...

5.5 CVSS, 5.6 AI score, 0.0009 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2003-1381

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.00196 EPSS
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2025-29030

Malicious code in bioql PyPI...

8.6 CVSS, 6.6 AI score, 0.00035 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/09/14 9:25 a.m., 3 views

CVE-2025-7448

Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack...

8.6 CVSS, 6.9 AI score, 0.00035 EPSS
Exploits 0, References 1

NVD
added 2025/09/12 10:15 a.m., 1 views

CVE-2025-7448

Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack...

8.6 CVSS, 0.00035 EPSS
Exploits 0, References 2

CVE
added 2025/09/12 9:11 a.m., 10 views

CVE-2025-7448

CVE-2025-7448 affects Silicon Labs Wi-SUN Stack. The issue arises from unexpected 4‑Way Handshake packet receptions, which can yield predictable cryptographic keys and potentially enable a Man-in-the-Middle (MitM) attack. Reported by multiple sources, the vulnerability is tied to Wi-SUN Handshake...

8.6 CVSS, 6.5 AI score, 0.00035 EPSS
Exploits 0, References 2

Cvelist
added 2025/09/12 9:11 a.m., 4 views

CVE-2025-7448 Man in the middle (MitM) attack vulnerability in Wi-SUN library

Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack...

8.6 CVSS, 0.00035 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/09/12 9:11 a.m., 1 views

CVE-2025-7448 Man in the middle (MitM) attack vulnerability in Wi-SUN library

Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack...

8.6 CVSS, 6.5 AI score, 0.00035 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/09/12 12:00 a.m., 1 views

PT-2025-37298

Name of the Vulnerable Software and Affected Versions: Wi-SUN affected versions not specified Description: The Wi-SUN protocol is susceptible to a flaw related to unexpected 4-Way Handshake packet receptions. This can result in predictable keys, potentially enabling a Man-in-the-Middle (MitM) attac...

8.6 CVSS, 6.2 AI score, 0.00035 EPSS
Exploits 0, References 7

Snyk
added 2025/06/23 10:42 p.m., 2 views

Generation of Predictable Numbers or Identifiers

Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...

9.1 CVSS, 6.8 AI score, 0.00091 EPSS
Exploits 0, References 2

Snyk
added 2025/06/23 10:41 p.m., 2 views

Generation of Predictable Numbers or Identifiers

Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names...

9.1 CVSS, 6.8 AI score, 0.00416 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/22 8:31 p.m., 1 views

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

5.5 CVSS, 6.9 AI score, 0.0009 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:19 p.m., 2 views

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)...

7.5 CVSS, 7 AI score, 0.00415 EPSS
Exploits 0