ROS-20260129-73-0049

Vulnerability in nextcloud-app-calendar related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

MiracleLinux 8 : nodejs:18 (AXSA:2025-9678:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9678:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable h...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...

EUVD-2018-5228

Malware in sbrugna...

EUVD-2022-46484

Malicious code in bioql PyPI...

EUVD-2025-16231

Malicious code in bioql PyPI...

EUVD-2023-44436

Malicious code in bioql PyPI...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...

OESA-2025-2276 nodejs-form-data security update

A module to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications. Security Fixes: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program file...

Linux Distros Unpatched Vulnerability : CVE-2025-7783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

DEBIAN-CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

CVE-2025-1953

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

CVE-2025-1953

CVE-2025-1953 affects vLLM AIBrix 0.2.0. The issue resides in the Prefix Caching component, specifically file pkg/plugins/gateway/prefixcacheindexer/hash.go, where manipulation leads to insufficiently random values. Public documents describe the vulnerability as having a high attack complexity an...

Wiesemann & Theis ComServer Use of Insufficiently Random Values (CVE-2022-42787)

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

CVE-2024-42165 Arbitrary User Activation

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

CVE-2024-42163 Password Manipulation

Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...

GO-2024-2565 Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Use of Insufficiently Random Values in github.com/greenpau/caddy-security...

NEC Aterm 安全漏洞

NEC Aterm is a series of wireless routers from Japan Electric NEC. A security vulnerability exists in NEC Aterm that stems from insufficient random values. The following products are affected: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS,...