Lucene search
K

42 matches found

EUVD
EUVD
added 2026/06/25 1:27 p.m.4 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:27 p.m.20 views

CVE-2026-2815

The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:27 p.m.33 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS0.00159EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/18 4:30 p.m.14 views

USN-8452-1: pbkdf2 vulnerability

Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this issue to generate predictable cryptographic keys, resulting in signature spoofing...

9.1CVSS5.4AI score0.00359EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/26 11:8 p.m.20 views

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/18 5:31 p.m.11 views

CVE-2026-8700

A flaw was found in perl-Crypt-DSA. This vulnerability occurs because the software generates cryptographic seeds using Perl's built-in rand function, which is predictable and unsuitable for security-sensitive operations. An attacker could potentially leverage this predictability to weaken the...

7.3CVSS5.7AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 6:59 p.m.22 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 6:59 p.m.4 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32024

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + user id 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + user id5 - 10000. An attacker wh...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/31 10:31 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.13 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the lack of necessary encryption steps in the TLS...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2003-1381

Malware in sbrugna...

7.5CVSS6.4AI score0.00697EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-10138

Malware in sbrugna...

5.5CVSS5.6AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29030

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/14 9:25 a.m.7 views

CVE-2025-7448

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle MitM attack...

8.6CVSS6.9AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2025/09/12 10:15 a.m.4 views

CVE-2025-7448

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle MitM attack...

8.6CVSS0.00164EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/12 9:11 a.m.8 views

CVE-2025-7448 Man in the middle (MitM) attack vulnerability in Wi-SUN library

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle MitM attack...

8.6CVSS0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/12 9:11 a.m.2 views

CVE-2025-7448 Man in the middle (MitM) attack vulnerability in Wi-SUN library

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle MitM attack...

8.6CVSS6.5AI score0.00164EPSS
Exploits0References2
CVE
CVE
added 2025/09/12 9:11 a.m.16 views

CVE-2025-7448

CVE-2025-7448 affects Silicon Labs Wi-SUN Stack. The issue arises from unexpected 4‑Way Handshake packet receptions, which can yield predictable cryptographic keys and potentially enable a Man-in-the-Middle (MitM) attack. Reported by multiple sources, the vulnerability is tied to Wi-SUN Handshake...

8.6CVSS6.5AI score0.00164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.5 views

PT-2025-37298

Name of the Vulnerable Software and Affected Versions: Wi-SUN affected versions not specified Description: The Wi-SUN protocol is susceptible to a flaw related to unexpected 4-Way Handshake packet receptions. This can result in predictable keys, potentially enabling a Man-in-the-Middle MitM attac...

8.6CVSS6.2AI score0.00164EPSS
Exploits0References7
Rows per page
Query Builder