26 matches found
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726
CVE-2026-25726 (Cloudreve) : Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...
Cloudreve 安全特征问题漏洞
Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
GHSA-F8XP-WVCX-P6F4 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...
PT-2026-29420
Name of the Vulnerable Software and Affected Versions Cloudreve versions prior to 4.13.0 Description Cloudreve is a self-hosted file management and sharing system. Versions prior to 4.13.0 use a weak pseudo-random number generator math/rand seeded with time to generate critical security secrets,...
EUVD-2022-6795
Malicious code in bioql PyPI...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Stored Cross Site Scripting (XSS)
github.com/cloudreve/cloudreve is vulnerable to cross-site scripting. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Cross site scripting in Cloudreve
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
GHSA-FG25-GQ9G-32MX Cross site scripting in Cloudreve
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cloudreve versions v1.0.0 through v3.5.3 is vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...