Lucene search
10 matches found

Vulnrichment
added 2025/11/12 12:0 a.m. | 3 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

AI score: 7 | EPSS: 0.00105
Exploits: 1 | References: 1
Cvelist
added 2025/10/07 6:21 p.m. | 5 views

CVE-2025-3449 Weak Session Token used in Automation Runtime SDM

A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...

CVSS: 4.2 | EPSS: 0.00029
Exploits: 0 | References: 1
CVE
added 2025/10/07 6:21 p.m. | 5 views

CVE-2025-3449

The CVE-2025-3449 issue affects the SDM component of B&R Automation Runtime, before version 6.4. Root cause: generation of predictable numbers/identifiers that can be exploited by an unauthenticated, network-based attacker. Impact: potential takeover of already established sessions. Documented in...

CVSS: 4.2 | AI score: 6.6 | EPSS: 0.00029
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/07 6:21 p.m. | 1 views

CVE-2025-3449 Weak Session Token used in Automation Runtime SDM

A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions...

CVSS: 4.2 | AI score: 6.6 | EPSS: 0.00029
Exploits: 0 | References: 1
OSV
added 2023/03/28 8:15 p.m. | 0 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1
Prion
added 2023/03/28 8:15 p.m. | 13 views

Authorization

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS: 5 | AI score: 7.7 | EPSS: 0.00278
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2023/03/28 7:59 p.m. | 57 views

CVE-2023-28395

CVE-2023-28395 affects Osprey Pump Controller version 1.01. The vulnerability stems from a weak, low-entropy session token generation algorithm, enabling session ID predictability and potential authentication/authorization bypass, which could allow an attacker to hijack a session and gain unautho...

CVSS: 8.3 | AI score: 7.8 | EPSS: 0.00278
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/03/28 7:59 p.m. | 14 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

CVSS: 8.3 | AI score: 8.6 | EPSS: 0.00278
Exploits: 1 | References: 1
ICS
added 2015/06/25 6:0 a.m. | 69 views

Janitza UMG Power Quality Measuring Products Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the NCCIC/ICS-CERT web site. Mattijs van Ommeren of Applied Risk has identified several vulnerabilities in the Janitza UMG power quality measuring products. Janitza ha...

CVSS: 10 | AI score: 7.2 | EPSS: 0.00888
Exploits: 0 | References: 10
securityvulns
added 2000/04/13 12:0 a.m. | 43 views

Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data

Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data Black Watch Labs Security Advisory 00-02 March 6, 2000 Name: Weak Token in Mail.Com Application Allows Compromise of Arbitrary User's Data Black Watch Labs ID: BWL-00-02 Date Released: March 6, 2000 Category: Applicatio...

AI score: 7.1
Exploits: 0