3054 matches found
CVE-2025-7448
Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys, potentially leading to a Man-in-the-Middle (MitM) attack...
CVE-2025-7448
CVE-2025-7448 affects Silicon Labs Wi-SUN Stack. The issue arises from unexpected 4‑Way Handshake packet receptions, which can yield predictable cryptographic keys and potentially enable a Man-in-the-Middle (MitM) attack. Reported by multiple sources, the vulnerability is tied to Wi-SUN Handshake...
CVE-2025-7448 Man in the middle (MitM) attack vulnerability in Wi-SUN library
Wi-SUN unexpected 4-Way Handshake packet receptions may lead to predictable keys, potentially leading to a Man-in-the-Middle (MitM) attack...
Generation of Predictable Numbers or Identifiers
Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the websocket component due to using a fixed 32 bit mask that persisted and was used throughout the entire connection instead of updating it for each new outgoing frame as the...
Generation of Predictable Numbers or Identifiers
Overview: curl is a command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of...
CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
CVE-2025-10148 predictable WebSocket mask
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
Curl 8.11.0 < 8.16.0 Predictable WebSocket Mask (CVE-2025-10148)
The version of Curl installed on the remote host is 8.11.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10148 advisory. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it...
Silicon Labs Wi-SUN Stack security vulnerability
Silicon Labs Wi-SUN Stack is a communications stack from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Wi-SUN Stack that stems from the fact that accidental reception of a 4-Way Handshake packet may result in a predictable key, potentially triggering a man-in-the-middle attac...
PT-2025-37298
Name of the Vulnerable Software and Affected Versions: Wi-SUN (affected versions not specified). Description: The Wi-SUN protocol is susceptible to a flaw related to unexpected 4-Way Handshake packet receptions. This can result in predictable keys, potentially enabling a Man-in-the-Middle (MitM) attac...
CURL-CVE-2025-10148 predictable WebSocket mask
curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
Linux Distros Unpatched Vulnerability : CVE-2020-27743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id...
CVE-2025-42925
The CVE-2025-42925 entry describes a vulnerability in SAP NetWeaver AS JAVA IIOP service caused by insufficient randomness when assigning Object Identifiers, enabling an authenticated lower-privileged actor to brute-force and predict identifiers to access limited system information. Affected comp...
CVE-2025-42925 Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...
SAP NetWeaver AS Java security vulnerability
SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from a lack of randomness and could lead to predictive identifiers...
ECOVACS robot vacuums security vulnerability
ECOVACS robot vacuums is a line of vacuum cleaners from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot vacuums that stems from insecure Wi-Fi communication using predictable WPA2-PSK...
ECOVACS robot vacuums security vulnerability
ECOVACS robot vacuums is a line of vacuum cleaners from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot vacuums that stems from insecure Wi-Fi communication using predictable AES encryption keys...
CVE-2025-6519
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.
...