
9 matches found

Positive Technologies
added 2025/12/26 12:0 a.m. | 3 views

PT-2025-53609

Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.28.0. Description: FreshRSS utilizes weak random number generators mt_rand and uniqid for creating remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session token...

CVSS 9.8 | AI score 6.9 | EPSS 0.00026
Exploits: 1 | References: 10
Github Security Blog
added 2021/05/21 4:26 p.m. | 43 views

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact: A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) are not as random as they should be. Small values of int in the functions above will return a smaller subs...

CVSS 9.1 | AI score 5.3 | EPSS 0.00336
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2021/05/21 4:26 p.m. | 25 views

GHSA-XG2H-WX96-XGXR RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact: A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) are not as random as they should be. Small values of int in the functions above will return a smaller subs...

CVSS 9.1 | AI score 7 | EPSS 0.00336
Exploits: 1 | References: 7
appercut
added 2016/08/15 12:0 a.m. | 559 views

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Incorrect Newlin...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
appercut
added 2016/06/26 12:0 a.m. | 517 views

DokuWiki: source code security analysis report

Several vulnerabilities were discovered in DokuWiki Community 'DokuWiki' software: Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; Incorrect User Input Filtration when Generating Code on the Fly...

AI score 3
Exploits: 0 | References: 1 | Affected Software: 1
appercut
added 2016/05/30 12:0 a.m. | 533 views

CMSimple CMS: source code security analysis report

Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Global Variables; Using Insufficiently Random Generators in Cryptography; HttpOnly...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
appercut
added 2016/04/05 12:0 a.m. | 529 views

Joomla!: source code security analysis report

Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; Incorrect Permissions for External Entities During XML...

AI score 2.8
Exploits: 0 | References: 1 | Affected Software: 1
appercut
added 2013/06/18 12:0 a.m. | 585 views

PHP-Fusion: source code security analysis report

Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Insufficiently...

AI score 0.9
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2007/01/25 9:28 p.m. | 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter...

CVSS 6.8 | AI score 8 | EPSS 0.05946
Exploits: 0 | References: 5 | Affected Software: 1