CWE-330: CWE-330

The BuddyForms WordPress plugin has an email verification bypass vulnerability due to insufficiently random activation codes. Unauthenticated attacker...

This vulnerability in FIWARE Keyrock allows attackers to predict activation tokens due to insufficient randomness, enabling unauthorized account activ...

A vulnerability in gokey versions before 0.2.0 causes passwords derived from seed files to use only 28 bytes of entropy instead of the intended 240 by...

The Login Lockdown & Protection WordPress plugin has an IP block bypass vulnerability where attackers can generate valid unblock keys if they know an ...

This vulnerability allows unauthenticated attackers to cancel arbitrary bookings in the Hydra Booking WordPress plugin. Attackers can brute-force canc...

This vulnerability allows unauthenticated attackers to bypass the Banhammer WordPress plugin's traffic monitoring and blocking features. Attackers can...

This vulnerability in Fuchsia OS allows attackers to predict network protocol header values like TCP sequence numbers and source ports, enabling netwo...

This vulnerability in Avahi-daemon allows attackers to more easily inject malicious DNS responses by exploiting predictable source ports in wide-area ...

Nextcloud Calendar versions before 6.0.3 generate participant tokens for meeting proposals using a predictable hash function instead of cryptographica...

This vulnerability allows attackers within Wi-Fi range to calculate the default password for EZCast Pro II dongles using observable device identifiers...

An authentication bypass vulnerability in the IFTTT integration feature allows authenticated attackers to potentially gain unauthorized access to affe...