CVE-2025-27580

CVE-2025-27580 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67. The issue is that token generation is predictable, depending on the user’s username, time, and a fixed string (7Dl9#dj-), which enables unauthenticated users with a CAC to escalate privile...

CVE-2025-27580

NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...

CVE-2025-27580

NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...

PT-2025-17676 · Nih · Nih Brics

Name of the Vulnerable Software and Affected Versions: NIH BRICS aka Biomedical Research Informatics Computing System versions 14.0.0 through 14.0.0-67 Description: The issue allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, including...

RabbitMQ 3.8.x < 3.8.32 / 3.9.x < 3.9.18 / 3.10.x < 3.10.2 Predictable credential obfuscation

The version of RabbitMQ installed on the remote host is 3.8.x prior to 3.8.32, 3.9.x prior to 3.9.18, or 3.10.x prior to 3.10.2. It is, therefore, affected by a vulnerability: - RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins...

CVE-2024-57835

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand function, which is not cryptographically secure...

CVE-2024-9311

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

CVE-2025-26486

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...

Beta80 Life 1st 安全漏洞

Beta80 Life 1st is a complete suite for managing PSAPs from Beta80. A security vulnerability exists in Beta80 Life 1st version 1.5.2.14234, which stems from the use of insecure or risky encryption algorithms, insufficient computation of password hashes, weak hashes, and unidirectional hashes with...

CVE-2025-26138

Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...

CVE-2025-26138

Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...

CVE-2025-26138

CVE-2025-26138 affects Systemic Risk Value

ROS-20250307-01

A vulnerability in the readline.sh component of the socket forwarding utility from the host machine is related to the use of a predictable temporary file name in readline.sh. the use of a predictable temporary file name in readline.sh. Exploitation of the vulnerability could allow an attacker...

SUSE CVE-2023-34049

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0407-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0407-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 -...

Cache Poisoning

vLLM is vulnerable to Cache Poisoning. The vulnerability is due to hash collisions due to the use of Python's built-in hash function for prefix caching, which makes hashNone a predictable constant value, allowing an attacker to intentionally populate the cache with colliding prompts and interfere...

PYSEC-2025-62

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

CVE-2025-25183 vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

GHSA-RM76-4MRF-V9R8 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

Summary Maliciously constructed prompts can lead to hash collisions, resulting in prefix cache reuse, which can interfere with subsequent responses and cause unintended behavior. Details vLLM's prefix caching makes use of Python's built-in hash function. As of Python 3.12, the behavior of hashNon...

coolLabs Coolify Denial of Service Vulnerability

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a denial of service vulnerability that stems from the fact that any authenticated user can revoke any team invitation on an instance by simply providing a predictable incremental ID, whic...