Monthly
Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.
OpenClaw before version 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in Gemini OAuth flows, exposing cryptographic material through the redirect URL and enabling attackers who capture the URL to obtain both the authorization code and PKCE verifier, defeating PKCE protection and allowing unauthorized token redemption. The vulnerability requires user interaction (redirect capture) but has high confidentiality impact affecting OAuth security mechanisms; it is an information disclosure flaw in the OAuth implementation itself rather than a remote code execution threat.
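An added example (not OpenClaw's code or Google's) showing why reusing the PKCE verifier as `state` defeats PKCE: the redirect back to the client carries `code` and `state`, so whoever captures that URL holds everything the token endpoint needs. The authorization server and client here are hypothetical toys; the only real-world values are the RFC 7636 S256 construction and its published test vector.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def make_verifier() -> str:
    # RFC 7636 code_verifier: 43-128 unreserved characters. 32 random bytes
    # base64url-encoded give a 43-character string.
    return secrets.token_urlsafe(32)


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ToyAuthServer:
    """Hypothetical authorization server: each code is bound to a PKCE challenge."""

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # Redemption succeeds only if S256(verifier) matches the stored challenge.
        # In this toy a wrong verifier does not consume the code.
        challenge = self._codes.get(code)
        if challenge is None or not secrets.compare_digest(challenge, s256_challenge(code_verifier)):
            return False
        del self._codes[code]  # codes are single-use
        return True


class ToyClient:
    """Hypothetical OAuth client; reuse_verifier_as_state=True models the flaw."""

    def __init__(self, reuse_verifier_as_state: bool) -> None:
        self.reuse_verifier_as_state = reuse_verifier_as_state
        self._pending: dict[str, str] = {}  # state -> verifier

    def start(self, server: ToyAuthServer) -> str:
        verifier = make_verifier()
        state = verifier if self.reuse_verifier_as_state else secrets.token_urlsafe(16)
        self._pending[state] = verifier
        code = server.authorize(s256_challenge(verifier))
        # The redirect back to the client carries code and state in the query
        # string; this URL is exactly what a captured redirect exposes.
        return "https://client.example/callback?" + urlencode({"code": code, "state": state})

    def finish(self, server: ToyAuthServer, redirect_url: str) -> bool:
        q = parse_qs(urlparse(redirect_url).query)
        verifier = self._pending.pop(q["state"][0], None)  # unknown state: reject (CSRF)
        if verifier is None:
            return False
        return server.token(q["code"][0], verifier)


def attacker_redeem(server: ToyAuthServer, captured_redirect_url: str) -> bool:
    """Attacker who saw the redirect URL tries the state value as the verifier."""
    q = parse_qs(urlparse(captured_redirect_url).query)
    return server.token(q["code"][0], q["state"][0])


def run_flow(reuse_verifier_as_state: bool) -> tuple:
    """Returns (attacker succeeded, legitimate client succeeded afterwards)."""
    server = ToyAuthServer()
    client = ToyClient(reuse_verifier_as_state)
    redirect_url = client.start(server)
    stolen = attacker_redeem(server, redirect_url)
    legit = client.finish(server, redirect_url)
    return stolen, legit


if __name__ == "__main__":
    print("verifier reused as state:", run_flow(True))   # (True, False): attacker redeems, code is burned
    print("independent random state:", run_flow(False))  # (False, True)
```

The fix is the second case: `state` is an independent random value used only to bind the callback to the pending request, and the verifier never leaves the client until it is sent to the token endpoint.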
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme. It is rated high severity (CVSS 7.7): no authentication is required and attack complexity is low. No vendor patch is available.
Predictable session identifier generation in XikeStor SKS8310-8X network switch allows session hijacking even if the command injection (CVE-2026-25070) is patched.
Cisco Secure Firewall ASA and Secure FTD devices can be forced to reboot by unauthenticated remote attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. Exploitation requires no authentication or user interaction and targets the device's core authentication mechanism, so the pre-authentication exposure is significant. No patch is currently available.
Weak session identifier generation in SODOLA SL902-SWTGW124AS network switch firmware allows attackers to predict session tokens and hijack administrative sessions.
Fleet's device lock and wipe PIN generation relies on predictable timestamps without additional entropy, allowing attackers with physical access to a locked device and knowledge of the approximate lock time to brute-force the 6-digit PIN within a limited search window. This vulnerability affects Fleet versions prior to 4.80.1 and requires local access and timing knowledge to exploit. No patch is currently available.
Predictable password reset tokens in FreeScout help desk before 1.8.206: weak random number generation allows attackers to predict reset tokens and take over accounts. A PoC and a patch are available.
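The Chamilo, Fleet and FreeScout entries above are the same class of bug: a secret derived from a low-entropy input (a timestamp, a constant "random" seed, a weak RNG) that an attacker can enumerate offline. This added example, not code from any of those projects, reproduces the Chamilo key formula as the entry states it (md5 over timestamp + user_id*5 - 10000; hashing the seed as a decimal string is an assumption), enumerates the candidate keys for a timestamp window, does the same for a hypothetical timestamp-derived 6-digit PIN (the page does not give Fleet's derivation), and contrasts both with CSPRNG-backed generation.

```python
import hashlib
import secrets
from typing import Callable, Dict, Optional, Set


def chamilo_style_api_key(created_ts: int, user_id: int) -> str:
    # Per the entry, rand(10000, 10000) always yields 10000, so the only inputs
    # that vary are the creation timestamp and the user id. Hashing the seed as
    # a decimal string is an assumption of this example, not Chamilo's code.
    seed = created_ts + user_id * 5 - 10000
    return hashlib.md5(str(seed).encode("ascii")).hexdigest()


def candidate_api_keys(user_id: int, approx_ts: int, window_seconds: int) -> Dict[str, int]:
    """Every key the flawed generator could have produced within +/- window_seconds."""
    return {
        chamilo_style_api_key(ts, user_id): ts
        for ts in range(approx_ts - window_seconds, approx_ts + window_seconds + 1)
    }


def find_valid_key(candidates: Dict[str, int], is_valid: Callable[[str], bool]) -> Optional[str]:
    """Try each precomputed key against an oracle (the REST endpoint, in practice)."""
    for key in candidates:
        if is_valid(key):
            return key
    return None


def timestamp_pin(lock_ts: int) -> str:
    # Hypothetical timestamp-derived 6-digit PIN; the page gives no derivation.
    return f"{lock_ts % 1_000_000:06d}"


def candidate_pins(approx_lock_ts: int, window_seconds: int) -> Set[str]:
    """A +/- window_seconds search window collapses a million PINs to a few hundred."""
    return {
        timestamp_pin(ts)
        for ts in range(approx_lock_ts - window_seconds, approx_lock_ts + window_seconds + 1)
    }


def secure_api_key() -> str:
    return secrets.token_hex(16)  # 128 bits from the OS CSPRNG, no relation to time


def secure_pin() -> str:
    return f"{secrets.randbelow(1_000_000):06d}"  # uniform over the full PIN space


if __name__ == "__main__":
    # Constructed victim: user 42 created a key at 1_700_000_000; attacker knows it to within 30 minutes.
    real_ts, user_id = 1_700_000_000, 42
    real_key = chamilo_style_api_key(real_ts, user_id)
    cands = candidate_api_keys(user_id, real_ts + 500, 1800)
    print(len(cands), "candidate keys; recovered:", find_valid_key(cands, lambda k: k == real_key) == real_key)
    print(len(candidate_pins(real_ts, 300)), "candidate PINs for a 10-minute window")
```

Note that the seed mixes user id and time linearly, so a guess that is off by one user id is equivalent to a guess off by 5 seconds; widening the window covers small errors in either. A 30-minute window is about 3,600 API calls, which is an online brute force a rate limiter should notice, but nothing about the key itself resists it.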
Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, the secret_key configuration parameter is set during installation to MD5(RAND()) in MySQL. MySQL's RAND() is not a cryptographically secure generator, so the resulting secret is far weaker than its 128-bit length suggests. [CVSS 7.5 HIGH]
Predictable session identifiers in the Binardat 10G08-0800GSM network switch: numeric session IDs are easily guessable, enabling session hijacking.