28 matches found

Positive Technologies
added 2026/05/27 12:0 a.m., 6 views

PT-2026-43700

In Slican telephone exchanges, the secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

CVSS 8.7 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 2

NVD
added 2026/03/31 11:16 a.m., 2 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1 | EPSS 0.00054
Exploits: 0 | References: 3

NVD
added 2026/02/12 8:16 p.m., 3 views

CVE-2026-24044

Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method,...

CVSS 9.2 | EPSS 0.0006
Exploits: 0 | References: 3

AlpineLinux
added 2026/02/12 7:6 p.m., 3 views

CVE-2026-24044

Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method,...

CVSS 9.2 | AI score 5.6 | EPSS 0.0006
Exploits: 0

CNNVD
added 2026/02/12 12:0 a.m., 1 view

Element Server Suite security vulnerability

Element Server Suite is a community edition of the Element open-source server suite. There are security vulnerabilities in Element Server Suite Community Edition ESS Community, which stem from an insecure method for generating Matrix server keys. This could allow network attackers to recreate the...

CVSS 9.2 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/01 10:28 p.m., 3 views

CVE-2025-69286

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVSS 9.8 | AI score 6.8 | EPSS 0.00084
Exploits: 1 | References: 1

NVD
added 2025/12/31 10:15 p.m., 3 views

CVE-2025-69286

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVSS 9.8 | EPSS 0.00084
Exploits: 1 | References: 5

OSV
added 2025/12/31 9:52 p.m., 2 views

CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVSS 9.3 | AI score 6.8 | EPSS 0.00084
Exploits: 1 | References: 7

CNNVD
added 2025/12/31 12:0 a.m., 1 view

RAGFlow security vulnerability

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow versions prior to 0.22.0 that stems from the use of insecure key generation algorithms during API key and beta token generation, which could lead to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00084
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/31 12:0 a.m., 2 views

PT-2025-54469

Name of the Vulnerable Software and Affected Versions: RAGFlow versions prior to 0.22.0. Description: RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.22.0 utilize an insecure key generation algorithm when creating API keys and beta tokens (assistant/agent share auth). This allo...

CVSS 9.8 | AI score 6.6 | EPSS 0.00084
Exploits: 1 | References: 10

CNNVD
added 2025/06/12 12:0 a.m., 2 views

vantage6 security feature issue vulnerability

vantage6 is an open-source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security feature issue vulnerability exists in vantage6 versions prior to 4.11.0 that stems from an insecure JWT key auto-generation that could lead to key prediction...

CVSS 7.5 | AI score 6.3 | EPSS 0.00274
Exploits: 0 | References: 3

OSV
added 2024/02/21 2:54 a.m., 24 views

GHSA-C9VV-FHGV-CJC3 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVSS 9.1 | AI score 9.2 | EPSS 0.01735
Exploits: 1 | References: 6

OSV
added 2023/06/06 4:15 p.m., 0 views

CVE-2023-32549

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...

CVSS 7.5 | AI score 7.1 | EPSS 0.00257
Exploits: 1 | References: 1

OSV
added 2023/01/09 7:15 p.m., 0 views

CVE-2022-36925

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key ca...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2023/01/09 7:15 p.m., 13 views

CVE-2022-36925

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key ca...

CVSS 7.8 | AI score 5.5 | EPSS 0.00015
Exploits: 0 | References: 1

CNNVD
added 2023/01/09 12:0 a.m., 1 view

Zoom Rooms trust management issue vulnerability

Zoom Rooms is a software-based conferencing system from Zoom (USA) that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. A security vulnerability exists in Zoom Rooms for macOS clients prior to version 5.11.4, which stems from the inclusion of...

CVSS 7.8 | AI score 7.4 | EPSS 0.00015
Exploits: 0 | References: 3

Vulnrichment
added 2023/01/09 12:0 a.m., 3 views

CVE-2022-36925 Insecure key generation for Zoom Rooms for macOS Clients

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key ca...

CVSS 4.4 | AI score 7.4 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2021/08/06 2:15 p.m., 8 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used...

CVSS 5.3 | EPSS 0.00002
Exploits: 0 | References: 1

OSV
added 2021/08/06 2:15 p.m., 0 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used...

CVSS 5.3 | AI score 5.8 | EPSS 0.00002
Exploits: 0 | References: 1

Cvelist
added 2021/08/06 1:24 p.m., 13 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used...

AI score 6.7 | EPSS 0.00002
Exploits: 0 | References: 1