Monthly
Silent cryptographic key failure in Netty's OHTTP codec exposes HPKE response encryption to full key prediction. When HKDF_expand or EVP_HPKE_CTX_export fails internally, the library returns a zero-filled byte array rather than propagating the error, and that all-zero material is consumed directly by OHttpCrypto.createResponseAEAD() without any validation. Any OHTTP response encrypted under a failure-induced all-zero AEAD key is fully decryptable by any attacker who knows this behavior exists - the key is deterministic and universal. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.
Predictable afpd session token generation in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to forecast or brute-force valid session identifiers within the Apple Filing Protocol daemon. Per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, the scored impact is limited to high availability disruption, though the reporter tag 'Information Disclosure' suggests potential session-hijacking consequences that may not be fully captured in the CVSS scoring - a discrepancy analysts should verify against the vendor advisory. No public exploit code or CISA KEV listing exists at time of analysis.
Predictable API session token generation in OpenMage LTS (≤ 20.16.0, confirmed vulnerable through ≤ 20.17.0) allows remote unauthenticated attackers to hijack authenticated XML-RPC, SOAP, and legacy REST API sessions by brute-forcing MD5 digests derived from time-based inputs. The session ID is constructed via md5(time() . uniqid('', true) . null), leaving an attacker with predictable timestamp and microsecond components plus a constrained LCG float - yielding far less than the OWASP ASVS-mandated 64 bits of entropy. Publicly available exploit code exists in the form of a working Python PoC included with the advisory.
Insufficiently random file ID generation in Langchain-Chatchat up to version 0.3.1.3 allows authenticated local network attackers to predict uploaded file identifiers via the _get_file_id function, enabling information disclosure. The vulnerability requires local network access and authenticated privileges but carries low exploitability due to high attack complexity. A public exploit is available, though the project has not responded to early disclosure notifications.
{random.value} for secrets generation produce cryptographically weak values unsuitable for authentication, encryption keys, or other sensitive purposes. Affected versions 2.7.0 through 4.0.5 generate predictable random values when relying on the random value property source; attackers can enumerate or predict these values to compromise confidentiality and integrity of secrets. The vulnerability does not affect ${random.uuid}, which uses a cryptographically secure implementation. Patches are available for all supported and unsupported versions.
Insecure token generation in FreeScout <1.8.213 allows unauthenticated remote attackers to download private email attachments by forging MD5-based download tokens. The predictable formula (md5(APP_KEY + sequential_attachment_id + guessable_size)) enables enumeration of all stored attachments without credentials. CVSS 8.8 reflects high confidentiality and integrity impact via network vector with no authentication required. EPSS data not provided. Proof-of-concept exploitation exists (E:P in CVSS vector). Vendor-released patch version 1.8.213 available via GitHub.
DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.
Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.
OpenClaw before version 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in Gemini OAuth flows, exposing cryptographic material through the redirect URL and enabling attackers who capture the URL to obtain both the authorization code and PKCE verifier, defeating PKCE protection and allowing unauthorized token redemption. The vulnerability requires user interaction (redirect capture) but has high confidentiality impact affecting OAuth security mechanisms; it is an information disclosure flaw in the OAuth implementation itself rather than a remote code execution threat.
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Silent cryptographic key failure in Netty's OHTTP codec exposes HPKE response encryption to full key prediction. When HKDF_expand or EVP_HPKE_CTX_export fails internally, the library returns a zero-filled byte array rather than propagating the error, and that all-zero material is consumed directly by OHttpCrypto.createResponseAEAD() without any validation. Any OHTTP response encrypted under a failure-induced all-zero AEAD key is fully decryptable by any attacker who knows this behavior exists - the key is deterministic and universal. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.
Predictable afpd session token generation in Netatalk 2.0.0 through 4.4.2 allows an authenticated remote attacker to forecast or brute-force valid session identifiers within the Apple Filing Protocol daemon. Per CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, the scored impact is limited to high availability disruption, though the reporter tag 'Information Disclosure' suggests potential session-hijacking consequences that may not be fully captured in the CVSS scoring - a discrepancy analysts should verify against the vendor advisory. No public exploit code or CISA KEV listing exists at time of analysis.
Predictable API session token generation in OpenMage LTS (≤ 20.16.0, confirmed vulnerable through ≤ 20.17.0) allows remote unauthenticated attackers to hijack authenticated XML-RPC, SOAP, and legacy REST API sessions by brute-forcing MD5 digests derived from time-based inputs. The session ID is constructed via md5(time() . uniqid('', true) . null), leaving an attacker with predictable timestamp and microsecond components plus a constrained LCG float - yielding far less than the OWASP ASVS-mandated 64 bits of entropy. Publicly available exploit code exists in the form of a working Python PoC included with the advisory.
Insufficiently random file ID generation in Langchain-Chatchat up to version 0.3.1.3 allows authenticated local network attackers to predict uploaded file identifiers via the _get_file_id function, enabling information disclosure. The vulnerability requires local network access and authenticated privileges but carries low exploitability due to high attack complexity. A public exploit is available, though the project has not responded to early disclosure notifications.
{random.value} for secrets generation produce cryptographically weak values unsuitable for authentication, encryption keys, or other sensitive purposes. Affected versions 2.7.0 through 4.0.5 generate predictable random values when relying on the random value property source; attackers can enumerate or predict these values to compromise confidentiality and integrity of secrets. The vulnerability does not affect ${random.uuid}, which uses a cryptographically secure implementation. Patches are available for all supported and unsupported versions.
Insecure token generation in FreeScout <1.8.213 allows unauthenticated remote attackers to download private email attachments by forging MD5-based download tokens. The predictable formula (md5(APP_KEY + sequential_attachment_id + guessable_size)) enables enumeration of all stored attachments without credentials. CVSS 8.8 reflects high confidentiality and integrity impact via network vector with no authentication required. EPSS data not provided. Proof-of-concept exploitation exists (E:P in CVSS vector). Vendor-released patch version 1.8.213 available via GitHub.
DNN (DotNetNuke) 10.0.0 through 10.2.1 installations use an identical Host GUID across all new deployments, enabling attackers to impersonate the host administrator account and gain unauthorized access to sensitive CMS functionality. This affects only fresh installations-upgrades from 9.x retain unique identifiers. The vulnerability requires network access to exploit but no authentication or user interaction, and is patched in version 10.2.2.
Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.
OpenClaw before version 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in Gemini OAuth flows, exposing cryptographic material through the redirect URL and enabling attackers who capture the URL to obtain both the authorization code and PKCE verifier, defeating PKCE protection and allowing unauthorized token redemption. The vulnerability requires user interaction (redirect capture) but has high confidentiality impact affecting OAuth security mechanisms; it is an information disclosure flaw in the OAuth implementation itself rather than a remote code execution threat.
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.