1305 matches found

Positive Technologies
added 2025/06/12 12:00 a.m. · 3 views

PT-2025-25324 · Sick Ag · Sick Media Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns authorization tokens with poor randomness quality. An attacker may guess the token of an active user by computing plausible tokens. Recommendations: At the moment, there i...

CVSS 3.1 · AI score 6.2 · EPSS 0.00318
Exploits 0 · References 9
CNNVD
added 2025/06/11 12:00 a.m. · 3 views

MetaCPAN Perl Mojolicious::Plugin::CSRF Security Feature Issue Vulnerability

MetaCPAN Perl Mojolicious::Plugin::CSRF is a CSRF defense plugin from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Perl Mojolicious::Plugin::CSRF version 1.03 that stems from the use of a weak random number source to generate CSRF tokens...

CVSS 7 · AI score 6.7 · EPSS 0.00242
Exploits 0 · References 3
OSV
added 2025/06/09 2:33 p.m. · 5 views

CLSA-2025-1749479602 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operation, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimize timing or cache side...

CVSS 7.5 · AI score 5.8 · EPSS 0.01614
Exploits 2 · References 1
Packet Storm News
added 2025/06/07 12:00 a.m. · 3 views

Shuffling Cards When You Are of Very Little Brain: Low Memory Generation of Permutations

How can we generate a permutation of the numbers $1$ through $n$ so that it is hard to guess the next element given the history so far? The twist is that the generator of the permutation, the "Dealer", has limited memory, while the "Guesser" has unlimited memory. With unbounded memory actually $n$...

AI score 6.6
Exploits 0
Packet Storm News
added 2025/06/04 12:00 a.m. · 3 views

Towards Trustworthy Federated Learning with Untrusted Participants

Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of...

AI score 6.7
Exploits 0
Cvelist
added 2025/05/31 6:40 a.m. · 19 views

CVE-2025-4607 PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function

The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration function. This is due to the use of a weak, low-entropy OTP mechanism in the forget function. This makes it possible for...

CVSS 9.8 · EPSS 0.00467
Exploits 0 · References 5
CNNVD
added 2025/05/31 12:00 a.m. · 2 views

WordPress plugin PSW Front-end Login & Registration Security Feature Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security feature issue vulnerabilit...

CVSS 9.8 · AI score 6.3 · EPSS 0.00467
Exploits 0 · References 7
Packet Storm News
added 2025/05/29 12:00 a.m. · 2 views

Joint Data Hiding and Partial Encryption of Compressive Sensed Streams

The paper proposes a method to secure Compressive Sensing (CS) streams. It consists in protecting part of the measurements by a secret key and inserting the code into the rest. The secret key is generated via a cryptographically secure pseudo-random number generator (CSPRNG) and XORed with the...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/05/26 11:36 p.m. · 20 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 6.5 · EPSS 0.00462
Exploits 1 · References 1
OSV
added 2025/05/25 12:15 a.m. · 4 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 4.4
Exploits 0 · References 4
NVD
added 2025/05/25 12:15 a.m. · 12 views

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · EPSS 0.00462
Exploits 1 · References 4
Vulnrichment
added 2025/05/24 11:31 p.m. · 8 views

CVE-2025-5136 Tmall Demo Payment Identifier pay random values

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · AI score 4 · EPSS 0.00462
Exploits 1 · References 4
Cvelist
added 2025/05/24 11:31 p.m. · 19 views

CVE-2025-5136 Tmall Demo Payment Identifier pay random values

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVSS 6.3 · EPSS 0.00462
Exploits 1 · References 4
CVE
added 2025/05/24 11:31 p.m. · 53 views

CVE-2025-5136

CVE-2025-5136 affects Tmall Demo up to 20250505 in the Payment Identifier Handler, specifically the file path /tmall/order/pay/. The root issue is insufficiently random values in the payment identifier, enabling remote attack; attack vector is NETWORK with HIGH complexity and NONE authentication....

CVSS 6.3 · AI score 6.5 · EPSS 0.00462
Exploits 1 · References 4 · Affected Software 1
RedhatCVE
added 2025/05/23 9:51 a.m. · 6 views

CVE-2024-7659

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

CVSS 7.5 · AI score 7.6 · EPSS 0.00786
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:49 a.m. · 5 views

CVE-2024-7315

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups...

CVSS 7.5 · AI score 6.2 · EPSS 0.00574
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 9:47 a.m. · 23 views

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

CVSS 9.8 · AI score 9.5 · EPSS 0.0068
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:38 a.m. · 6 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts...

CVSS 7.5 · AI score 6.8 · EPSS 0.00995
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 4:47 a.m. · 13 views

CVE-2023-4462

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

CVSS 5.9 · AI score 6.8 · EPSS 0.0092
Exploits 2
RedhatCVE
added 2025/05/23 4:06 a.m. · 10 views

CVE-2023-3803

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...

CVSS 3.7 · AI score 6.7 · EPSS 0.00545
Exploits 1 · References 1