CVE-2022-24400
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2024-35292
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...
These are the 10 worst PIN codes
Australian news outlet ABC NEWS analyzed a data set of 29 million 4-digit PIN numbers that people actually used to secure their devices, ATM withdrawals, building access, and more. What the outlet discovered is both expected and disappointing: Too many people use insecure PIN codes to protect...
Predictable Boundary Selection
Undici is vulnerable to predictable boundary selection. The vulnerability is due to the use of Math.random to choose the boundary, which can be predicted if several of its values are known, potentially allowing an attacker to tamper with requests to backend APIs...
Fedora 41 : glibc (2025-497995b101)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-497995b101 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...
PT-2025-5567 · Apache · Apache Cocoon
Name of the Vulnerable Software and Affected Versions: Apache Cocoon versions all versions Description: The issue is related to the incorrect usage of seeds in the pseudo-random number generator PRNG in Apache Cocoon. When a continuation is created, it gets a random identifier. Because the random...
Fedora 40 : glibc (2025-69207650a4)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-69207650a4 advisory. This update addresses two security vulnerabilities: CVE-2025-0395: A buffer overflow may occur in the assert function with certain large program nam...
CVE-2025-22608 Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID,...
Coolify Security Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a denial of service vulnerability that stems from the fact that any authenticated user can revoke any team invitation on an instance by simply providing a predictable incremental ID, whic...
PT-2025-4594 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue is related to missing authorization in Coolify, allowing any authenticated user to revoke team invitations by providing a predictable and incrementing ID. This can result in a...
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. Mitigation Red Hat Product Security do...
Airtel Xstream Fiber WiFi Weak Authentication / Brute Force
Airtel Xstream Fiber WiFi devices use a weak password scheme that can be brute forced and only consists of 5 digits. Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Date: 22-Jan-2025 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd...
AZL-55931 CVE-2025-22150 affecting package nodejs18 for versions less than 18.20.3-3
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
UBUNTU-CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...
Building Effective Agents with Spring AI (Part 1)
In a recent research publication: Building effective agents, Anthropic shared valuable insights about building effective Large Language Model LLM agents. What makes this research particularly interesting is its emphasis on simplicity and composability over complex frameworks. Let's explore how...