3054 matches found
CVE-2015-0849
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability...
pycode-browser security vulnerability
pycode-browser is a Python learning tool from pycode-browser open source. A security vulnerability exists in pycode-browser versions prior to 1.0 that stems from temporary files being predictable...
CVE-2025-48461 Weak Session Cookie Entropy
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords...
Generation of Predictable Numbers or Identifiers
Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary: This affects both: 1. Unsupported algos, e.g. sha3-256 / sha3-512 / sha512-256; 2. Supported but non-normalized algos, e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512. All of those work correctly in Node.js, but this polyfill silently returns highly predictable output. Under Node.js onl...
Generation of Predictable Numbers or Identifiers
Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names...
PT-2025-26675 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: Apache affected versions not specified Description: The issue allows an unauthenticated attacker to conduct brute force guessing and account takeover due to predictable session cookies. This could potentially allow attackers to gain root,...
CVE-2025-6216
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password...
CVE-2025-6216
CVE-2025-6216 describes an authentication bypass in Allegra due to a flaw in the password recovery flow: the reset token is generated from a predictable value, enabling remote attackers to bypass login. Affected component is the Allegra password recovery/token generation logic (calculateTokenExpD...
Allegra authorization issue vulnerability
Allegra is a project management software for mid-sized organizations from Allegra. An authorization issue vulnerability exists in Allegra that stems from a password recovery mechanism that relies on predictable values, which could lead to authentication bypass...
Information Disclosure Vulnerability in Various ABB Products (CNVD-2025-13332)
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
GHSA-M3MQ-F375-5VGH Vantage6 Server JWT secret not cryptographically secure
Impact: The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. Patches: No. Workarounds: You may define the JWT secret key in the server configuration file...
CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...
NIH BRICS 14.0.0-67 Predictable Tokens
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...
CVE-2024-13951
One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-47945
The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...
CVE-2024-6348
Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...
CVE-2024-28957
Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device...
CVE-2024-25729
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet...