CWE-330 vulnerabilities
148 results

CVE-2017-16028 | — | react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non- | EPSS 1.4%
CVE-2026-11374 | CRITICAL | Account Takeover via Predictable SSO Ticket Generation | EPSS 1.2%
CVE-2021-25677 | MEDIUM | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < | EPSS 1.1%
CVE-2023-6376 | MEDIUM | Henschen & Associates court document management software cache uses predictable file names | EPSS 1.1%
CVE-2023-34353 | HIGH | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00 | EPSS 1.0%
CVE-2022-30935 | CRITICAL | An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the us | EPSS 1.0%
CVE-2024-0761 | HIGH | File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames | EPSS 1.0%
CVE-2022-36045 | CRITICAL | Account takeover via cryptographically weak PRNG in NodeBB Forum | EPSS 1.0%
CVE-2022-38970 | MEDIUM | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices t | EPSS 1.0%
CVE-2022-46353 | CRITICAL | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALA | EPSS 1.0%
CVE-2022-26647 | HIGH | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE | EPSS 1.0%
CVE-2023-26451 | HIGH | Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorizati | EPSS 1.0%
CVE-2022-26071 | HIGH | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior | EPSS 1.0%
CVE-2022-3959 | LOW | drogon Session Hash small space of random values | EPSS 1.0%
CVE-2022-44938 | CRITICAL | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. | EPSS 1.0%
CVE-2021-29499 | HIGH | Predictable SIF UUID Identifiers | EPSS 1.0%
CVE-2023-31124 | LOW | AutoTools does not set CARES_RANDOM_FILE during cross compilation | EPSS 0.9%
CVE-2023-4462 | LOW | Poly VVX 601 Web Configuration Application random values | EPSS 0.9%
CVE-2020-35163 | MEDIUM | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insuffic | EPSS 0.9%
CVE-2022-39216 | HIGH | Combodo iTop's weak password reset token leads to account takeover | EPSS 0.9%