Lucene search

1235 matches found

Veracode
added 2025/06/17 8:38 a.m. · 5 views

Use Of Insufficiently Random Values

vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...

CVSS 7.5 · AI score 6.4 · EPSS 0.00274
Exploits: 0 · References: 4 · Affected Software: 1

Tenable Nessus
added 2025/06/16 12:00 a.m. · 3 views

TencentOS Server 3: nodejs (TSSA-2022:0262)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0262 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.1 · AI score 7.6 · EPSS 0.86472
Exploits: 7 · References: 14

Positive Technologies
added 2025/06/16 12:00 a.m. · 3 views

PT-2025-25544 · Unknown · Mojolicious::Plugin::Captchapng

Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CaptchaPNG version 1.05 Description: The issue concerns the use of a weak random number source for generating the captcha in Mojolicious::Plugin::CaptchaPNG for Perl. Specifically, version 1.05 utilizes the built-in rand...

CVSS 9.1 · AI score 6.4 · EPSS 0.00284
Exploits: 0 · References: 10

RedhatCVE
added 2025/06/14 3:15 p.m. · 2 views

CVE-2025-49198

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 3.1 · AI score 3.8 · EPSS 0.00295
Exploits: 0 · References: 1

Snyk
added 2025/06/12 6:50 p.m. · 4 views

Insecure Randomness

Overview vantage6-server is a Vantage6 server Affected versions of this package are vulnerable to Insecure Randomness via the configureflask function, due to the predictable nature of the auto-generated secret key, an attacker can determine it and forge valid security tokens. This allows them to...

CVSS 7.5 · AI score 7.2 · EPSS 0.00274
Exploits: 0 · References: 2

NVD
added 2025/06/12 3:15 p.m. · 5 views

CVE-2025-49198

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 7.5 · EPSS 0.00295
Exploits: 0 · References: 6

Cvelist
added 2025/06/12 2:24 p.m. · 10 views

CVE-2025-49198 Poor quality of randomness in authorization tokens

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 3.1 · EPSS 0.00295
Exploits: 0 · References: 6

Vulnrichment
added 2025/06/12 2:24 p.m. · 2 views

CVE-2025-49198 Poor quality of randomness in authorization tokens

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

CVSS 3.1 · AI score 3.8 · EPSS 0.00295
Exploits: 0 · References: 6

Positive Technologies
added 2025/06/12 12:00 a.m. · 2 views

PT-2025-25324 · Sick Ag · Sick Media Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns authorization tokens with poor randomness quality. An attacker may guess the token of an active user by computing plausible tokens. Recommendations: At the moment, there i...

CVSS 3.1 · AI score 6.2 · EPSS 0.00295
Exploits: 0 · References: 9

CNNVD
added 2025/06/11 12:00 a.m. · 1 views

MetaCPAN Perl Mojolicious::Plugin::CSRF security feature issue vulnerability

MetaCPAN Perl Mojolicious::Plugin::CSRF is a CSRF defense plugin from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Perl Mojolicious::Plugin::CSRF version 1.03 that stems from the use of a weak random number source to generate CSRF tokens...

CVSS 7 · AI score 6.7 · EPSS 0.00301
Exploits: 0 · References: 3

OSV
added 2025/06/09 2:33 p.m. · 2 views

CLSA-2025-1749479602 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimize timing or cache side...

CVSS 7.5 · AI score 5.8 · EPSS 0.01611
Exploits: 2 · References: 1

Packet Storm News
added 2025/06/07 12:00 a.m. · 2 views

Shuffling Cards When You Are of Very Little Brain: Low Memory Generation of Permutations

How can we generate a permutation of the numbers $1$ through $n$ so that it is hard to guess the next element given the history so far? The twist is that the generator of the permutation the "Dealer" has limited memory, while the "Guesser" has unlimited memory. With unbounded memory actually $n$...

AI score 6.6
Exploits: 0

Packet Storm News
added 2025/06/04 12:00 a.m. · 3 views

Towards Trustworthy Federated Learning with Untrusted Participants

Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of...

AI score 6.7
Exploits: 0

Cvelist
added 2025/05/31 6:40 a.m. · 16 views

CVE-2025-4607 PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function

The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration function. This is due to the use of a weak, low-entropy OTP mechanism in the forget function. This makes it possible for...

CVSS 9.8 · EPSS 0.01063
Exploits: 0 · References: 5

CNNVD
added 2025/05/31 12:00 a.m. · 1 views

WordPress plugin PSW Front-end Login & Registration security feature issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security feature issue vulnerabilit...

CVSS 9.8 · AI score 6.3 · EPSS 0.01063
Exploits: 0 · References: 7

Packet Storm News
added 2025/05/29 12:00 a.m. · 2 views

Joint Data Hiding and Partial Encryption of Compressive Sensed Streams

The paper proposes a method to secure the Compressive Sensing CS streams. It consists in protecting part of the measurements by a secret key and inserting the code into the rest. The secret key is generated via a cryptographically secure pseudo-random number generator CSPRNG and XORed with the...

AI score 6.9
Exploits: 0

RedhatCVE
added 2025/05/26 11:36 p.m. · 9 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 6.5 · EPSS 0.00234
Exploits: 1 · References: 1

NVD
added 2025/05/25 12:15 a.m. · 7 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · EPSS 0.00234
Exploits: 1 · References: 4

OSV
added 2025/05/25 12:15 a.m. · 1 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 4.4
Exploits: 0 · References: 4

Vulnrichment
added 2025/05/24 11:31 p.m. · 6 views

CVE-2025-5136 Tmall Demo Payment Identifier pay random values

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 4 · EPSS 0.00234
Exploits: 1 · References: 4