CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

When RSA Fails: Exploiting Prime Selection Vulnerabilities in Public Key Cryptography

This paper explores vulnerabilities in RSA cryptosystems that arise from improper prime number selection during key generation. We examine two primary attack vectors: Fermat's factorization method, which exploits RSA keys generated with primes that are too close together, and the Greatest Common...

FreshRSS 安全特征问题漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security feature issue vulnerability exists in FreshRSS versions prior to 1.28.0 that stems from the use of a weak random number generator to generate session tokens, which could lead to account takeover...

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

CVE-2025-68932

FreshRSS suffers from weak cryptographic randomness used to generate remember-me tokens and challenge-response nonces prior to version 1.28.0, enabling potential prediction of valid session tokens and persistent session hijacking leading to account takeover. The issue affects versions before 1.28...

CVE-2023-54073 tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site

In the Linux kernel, the following vulnerability has been resolved: tpm: Add !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 kernel BUG...

Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞

The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc.The Johnson Controls IQ series is a series of intelligent security and automation control platforms.The Johnson Johnson Controls PowerG is a communications device. A security vulnerability exists...

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)

Summary Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values CVE-2025-7783 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

CVE-2025-68313

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success...

CVE-2025-68313 x86/CPU/AMD: Add RDSEED fix for Zen5

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success...

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

CVE-2025-11707

CVE-2025-11707 – Login Lockdown & Protection (WordPress) : A vulnerability in all versions up to and including 2.14 allows unauthenticated attackers who have access to an admin email to generate valid unblock keys for their IP, bypassing IP blocks after failed logins due to insufficient randomnes...

PT-2025-51054

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data

Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...