CVE-2025-67504

CVE-2025-67504 affects WBCE CMS (versions 1.6.4 and earlier). The root cause is the use of GenerateRandomPassword() which relies on PHP’s rand(), a non-cryptographically secure RNG. This weakness can allow generated password sequences to be predicted or brute-forced, potentially enabling user acc...

EUVD-2025-201876

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVE-2025-66565 Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...

CVE-2025-66565

Fiber Utils (github.com/gofiber/utils) has a vulnerability in UUIDv4() and UUID() where crypto/rand.Read() failures trigger silent fallbacks to predictable UUID values, including the zero UUID 00000000-0000-0000-0000-000000000000. This root cause affects versions up to 2.0.0-rc.3; the issue is fi...

An Efficient Secret Communication Scheme for the Bosonic Wiretap Channel

We propose a new secret communication scheme over the bosonic wiretap channel. It uses readily available hardware such as lasers and direct photodetectors. The scheme is based on randomness extractors, pulse-position modulation, and Reed-Solomon codes and is therefore computationally efficient. I...

AlmaLinux 9 : bind9.18 (ALSA-2025:21111)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21111 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

CVE-2025-59390

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to form-data (CVE-2025-7783)

Summary The form-data package is vulnerable to HTTP Parameter Pollution HPP. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerabili...

EUVD-2025-199714

Apache Druid’s Kerberos authenticator uses a weak fallback secret...

CVE-2025-59390

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

CVE-2025-59390

Apache Druid’s Kerberos authenticator is affected. If the configuration druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, a weak fallback secret is generated with ThreadLocalRandom, which is not cryptographically secure. This can allow an attacker to predict or brute‑force the c...

librnp: Weak random number generation

Background librnp is a high performance C++ OpenPGP library. Description The affected librnp version generated weak session keys for its public key encryption PKESK mode. Impact Messages encrypted using the affected librnp version might be readable by an attacker with just the public key...

GLSA-202511-07 : librnp: Weak random number generation

The remote host is affected by the vulnerability described in GLSA-202511-07 librnp: Weak random number generation The affected librnp version generated weak session keys for its public key encryption PKESK mode. Tenable has extracted the preceding description block directly from the Gentoo Linux...

CLSA-2025-1764084458 bind: Fix of 2 CVEs

CVE-2025-40780: fix randomness sources, drop obsolete PRNG test - CVE-2025-40778: fix NS caching, DNAME/referral handling, restore IPv6 TCP tests...

SUSE-SU-2025:4222-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

SUSE CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

AlmaLinux 10 : bind (ALSA-2025:21034)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21034 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...