Lucene search
K

280 matches found

RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.4 views

CVE-2025-68932

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

9.8CVSS7AI score0.00498EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.5 views

FreshRSS 安全特征问题漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security feature issue vulnerability exists in FreshRSS versions prior to 1.28.0 that stems from the use of a weak random number generator to generate session tokens, which could lead to account takeover...

9.8CVSS6.6AI score0.00498EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/12/27 12:0 a.m.12 views

When RSA Fails: Exploiting Prime Selection Vulnerabilities in Public Key Cryptography

This paper explores vulnerabilities in RSA cryptosystems that arise from improper prime number selection during key generation. We examine two primary attack vectors: Fermat's factorization method, which exploits RSA keys generated with primes that are too close together, and the Greatest Common...

7AI score
Exploits0
CVE
CVE
added 2025/12/26 11:43 p.m.16 views

CVE-2025-68932

FreshRSS suffers from weak cryptographic randomness used to generate remember-me tokens and challenge-response nonces prior to version 1.28.0, enabling potential prediction of valid session tokens and persistent session hijacking leading to account takeover. The issue affects versions before 1.28...

9.8CVSS6.7AI score0.00498EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/26 11:43 p.m.20 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS0.00498EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/26 11:43 p.m.4 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS6.7AI score0.00498EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.10 views

Johnson Controls IQ series和Johnson Controls PowerG 安全漏洞

The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc.The Johnson Controls IQ series is a series of intelligent security and automation control platforms.The Johnson Johnson Controls PowerG is a communications device. A security vulnerability exists...

7.2CVSS6.5AI score0.00167EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51054

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...

5.3CVSS6AI score0.00401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.1AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 3:31 a.m.32 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.1CVSS0.00444EPSS
Exploits1References4
OSV
OSV
added 2025/12/09 3:31 a.m.4 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.1CVSS7.2AI score0.00444EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

AlmaLinux 9 : bind9.18 (ALSA-2025:21111)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21111 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

8.6CVSS6.7AI score0.1096EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/01 10:24 p.m.6 views

CVE-2025-59390

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

9.8CVSS7.1AI score0.00597EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 9:31 a.m.6 views

EUVD-2025-199714

Apache Druid’s Kerberos authenticator uses a weak fallback secret...

9.8CVSS6.4AI score0.00597EPSS
Exploits0References4
CVE
CVE
added 2025/11/26 8:50 a.m.26 views

CVE-2025-59390

Apache Druid’s Kerberos authenticator is affected. If the configuration druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, a weak fallback secret is generated with ThreadLocalRandom, which is not cryptographically secure. This can allow an attacker to predict or brute‑force the c...

9.8CVSS6.8AI score0.00597EPSS
Exploits0References2Affected Software1
Gentoo Linux
Gentoo Linux
added 2025/11/26 12:0 a.m.9 views

librnp: Weak random number generation

Background librnp is a high performance C++ OpenPGP library. Description The affected librnp version generated weak session keys for its public key encryption PKESK mode. Impact Messages encrypted using the affected librnp version might be readable by an attacker with just the public key...

8.7CVSS6.7AI score0.00274EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/26 12:0 a.m.5 views

GLSA-202511-07 : librnp: Weak random number generation

The remote host is affected by the vulnerability described in GLSA-202511-07 librnp: Weak random number generation The affected librnp version generated weak session keys for its public key encryption PKESK mode. Tenable has extracted the preceding description block directly from the Gentoo Linux...

8.7CVSS6AI score0.00274EPSS
Exploits0References3
OSV
OSV
added 2025/11/25 8:53 a.m.4 views

SUSE-SU-2025:4222-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379. - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380...

8.6CVSS6.4AI score0.00509EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.8 views

AlmaLinux 10 : bind (ALSA-2025:21034)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21034 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

8.6CVSS6.7AI score0.1096EPSS
Exploits1References5
Rows per page
Query Builder