20 matches found

EUVD
added 2025/12/05 4:42 p.m., 2 views

EUVD-2025-201444

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

CVSS 4.8, AI score 6.2, EPSS 0.00023
Exploits 0, References 4
OSV
added 2025/12/05 4:42 p.m., 3 views

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

CVSS 4.8, AI score 6.7, EPSS 0.00023
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0082

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00407
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-39454

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.1, EPSS 0.00107
Exploits 1, References 1
Hacker One
added 2025/08/31 5:16 a.m., 4 views

Cloudflare Public Bug Bounty: [Variation of #1554049] 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in Access Temp Auth

A vulnerability was discovered in Cloudflare Access that could allow for unauthorized approvals within the Temporary Auth workflow. The issue was resolved after the researcher reported it to Cloudflare...

AI score 5.8
Exploits 0
Tenable Nessus
added 2025/08/25 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-2039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, whic...

CVSS 5.3, AI score 6.6, EPSS 0.00382
Exploits 0, References 2
RedhatCVE
added 2025/06/23 8:38 a.m., 3 views

CVE-2025-6216

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password...

CVSS 9.8, AI score 7.4, EPSS 0.49839
Exploits 0, References 1
RedhatCVE
added 2025/05/23 4:18 a.m., 7 views

CVE-2023-41936

Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token...

CVSS 7.5, AI score 6.6, EPSS 0.00122
Exploits 0
RedhatCVE
added 2025/05/23 1:18 a.m., 4 views

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed...

CVSS 9.1, AI score 7.4, EPSS 0.01507
Exploits 0, References 1
CNNVD
added 2025/01/09 12:00 a.m., 1 view

SonicWALL SonicOS Security Vulnerability

SonicWALL SonicOS is an operating system designed for SonicWall firewall appliances from SonicWALL Inc. in the United States. A security vulnerability exists in SonicWALL SonicOS that stems from the use of a cryptographically weak pseudo-random number generator (PRNG) in the authentication token...

CVSS 9.8, AI score 8.6, EPSS 0.00057
Exploits 0, References 1
Cvelist
added 2024/08/12 11:33 a.m., 13 views

CVE-2024-42165 Arbitrary User Activation

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

CVSS 6.3, EPSS 0.00124
Exploits 1, References 1
CNNVD
added 2024/08/12 12:00 a.m., 5 views

FIWARE Keyrock Security Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the predictability of the algorithm used to create password reset tokens, and can be exploited by an attacker to...

CVSS 8.3, AI score 6.8, EPSS 0.00082
Exploits 1, References 2
SUSE CVE
added 2023/02/15 4:04 a.m., 2 views

SUSE CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

CVSS 7.3, AI score 5.1, EPSS 0.00464
Exploits 0, References 6
Positive Technologies
added 2022/09/28 12:00 a.m., 3 views

PT-2022-20394 · Unknown · B2Evolution

Name of the Vulnerable Software and Affected Versions: b2evolution versions prior to 7.2.3 Description: An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the...

CVSS 9.1, AI score 9.4, EPSS 0.01507
Exploits 0, References 7
Veracode
added 2022/07/18 9:20 a.m., 15 views

Insecure Cryptography

packbackbooks/lti-1p3-tool uses an insecure cryptographic configuration. The vulnerability exists due to improper configuration of generating cookies and openid values which allows an attacker to predict the token value and forge the token...

CVSS 7.5, AI score 7.2, EPSS 0.00175
Exploits 0, References 4, Affected Software 1
OSV
added 2019/05/09 6:29 p.m., 0 views

UBUNTU-CVE-2019-11842

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

CVSS 7.5, AI score 7.1, EPSS 0.00407
Exploits 0, References 4
CNVD
added 2018/06/15 12:00 a.m., 4 views

Unspecified vulnerability in react-native-meteor-oauth

react-native-meteor-oauth is a plugin for logging in to a Meteor server from React Native. A security vulnerability exists in react-native-meteor-oauth, which stems from the program's use of a cryptographically weak pseudo-random number generator to generate OAuth random tokens (Random Token). An attacke...

CVSS 5.3, AI score 5.7, EPSS 0.00232
Exploits 0, References 1
OSV
added 2016/02/22 5:59 a.m., 0 views

UBUNTU-CVE-2015-5267

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

CVSS 7.5, AI score 7.2, EPSS 0.00401
Exploits 0, References 3
OSV
added 2016/02/20 1:59 a.m., 1 view

DEBIAN-CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value...

CVSS 5.3, AI score 9.5, EPSS 0.00382
Exploits 0, References 1
Positive Technologies
added 2013/01/17 12:00 a.m., 5 views

PT-2013-02: Password Reset Token Prediction in FluxBB

The specialists of Positive Technologies have detected a "Password Reset Token Prediction" vulnerability in FluxBB. The vulnerability was found in the password reset token generation algorithm. FluxBB generates weak random numbers using the mt_rand function: function random_key($len, $readable = false,...

CVSS 9.3, AI score 7.5
Exploits 0, References 3