Lucene search
K

1303 matches found

OSV
OSV
added 2025/07/18 5:15 p.m.2 views

UBUNTU-CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 -...

9.4CVSS6.7AI score0.01735EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2025/07/18 4:34 p.m.4 views

CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

9.4CVSS6.1AI score0.01735EPSS
Exploits1
OSV
OSV
added 2025/07/17 2:15 p.m.1 views

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/17 12:0 a.m.8 views

The vulnerability of the `rand()` function in the Perl programming language, which allows attackers to circumvent existing security restrictions

The vulnerability of the rand function in the Perl programming language is related to the use of a insecure program for generating random numbers. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

7.7CVSS5.9AI score0.00179EPSS
Exploits0References7Affected Software5
Snyk
Snyk
added 2025/07/10 6:28 a.m.3 views

Insecure Randomness

Overview bcryptify is a Bcryptify is a modern and elegant Python library designed to simplify the use of cryptographic algorithms, while adhering to SOLID principles to ensure clean, extensible, and maintainable code. Affected versions of this package are vulnerable to Insecure Randomness via the...

6.9CVSS7.2AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/07/08 12:0 a.m.3 views

Generalized and Unified Equivalences between Hardness and Pseudoentropy

Pseudoentropy characterizations provide a quantitatively precise demonstration of the close relationship between computational hardness and computational randomness. We prove a unified pseudoentropy characterization that generalizes and strengthens previous results for both uniform and non-unifor...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/07 12:0 a.m.6 views

Adaptive Variation-Resilient Random Number Generator for Embedded Encryption

With a growing interest in securing user data within the internet-of-things IoT, embedded encryption has become of paramount importance, requiring light-weight high-quality Random Number Generators RNGs. Emerging stochastic device technologies produce random numbers from stochastic physical...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.3 views

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.3 views

Certified Randomness from Quantum Speed Limits

Quantum speed limits are usually regarded as fundamental restrictions, constraining the amount of computation that can be achieved within some given time and energy. Complementary to this intuition, here we show that these limitations are also of operational value: they enable the secure generati...

6.7AI score
Exploits0
NVD
NVD
added 2025/06/19 4:15 p.m.3 views

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

9.5CVSS0.00409EPSS
Exploits0References5
Veracode
Veracode
added 2025/06/17 8:38 a.m.10 views

Use Of Insufficiently Random Values

vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...

7.5CVSS6.4AI score0.0033EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.4 views

PT-2025-25544 · Unknown · Mojolicious::Plugin::Captchapng

Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CaptchaPNG version 1.05 Description: The issue concerns the use of a weak random number source for generating the captcha in Mojolicious::Plugin::CaptchaPNG for Perl. Specifically, version 1.05 utilizes the built-in rand...

9.1CVSS6.4AI score0.00332EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: nodejs (TSSA-2022:0262)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0262 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1CVSS7.6AI score0.77278EPSS
Exploits7References14
RedhatCVE
RedhatCVE
added 2025/06/14 3:15 p.m.6 views

CVE-2025-49198

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

3.1CVSS3.8AI score0.00318EPSS
Exploits0References1
Snyk
Snyk
added 2025/06/12 6:50 p.m.6 views

Insecure Randomness

Overview vantage6-server is a Vantage6 server Affected versions of this package are vulnerable to Insecure Randomness via the configureflask function, due to the predictable nature of the auto-generated secret key, an attacker can determine it and forge valid security tokens. This allows them to...

7.5CVSS7.2AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2025/06/12 3:15 p.m.7 views

CVE-2025-49198

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

7.5CVSS0.00318EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/06/12 2:24 p.m.2 views

CVE-2025-49198 Poor quality of randomness in authorization tokens

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

3.1CVSS3.8AI score0.00318EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/06/12 2:24 p.m.11 views

CVE-2025-49198 Poor quality of randomness in authorization tokens

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens...

3.1CVSS0.00318EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.3 views

PT-2025-25324 · Sick Ag · Sick Media Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns authorization tokens with poor randomness quality. An attacker may guess the token of an active user by computing plausible tokens. Recommendations: At the moment, there i...

3.1CVSS6.2AI score0.00318EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.3 views

MetaCPAN Perl Mojolicious::Plugin::CSRF 安全特征问题漏洞

MetaCPAN Perl Mojolicious::Plugin::CSRF is a CSRF defense plugin from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Perl Mojolicious::Plugin::CSRF version 1.03 that stems from the use of a weak random number source to generate CSRF tokens...

7CVSS6.7AI score0.00242EPSS
Exploits0References3
Rows per page
Query Builder