Lucene search
+L

1353 matches found

NVD
NVD
added 8 hours ago5 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added 8 hours ago9 views

CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

Exploits0References2
CVE
CVE
added 8 hours ago9 views

CVE-2026-13082

CVE-2026-13082 affects GD::SecurityImage for Perl (versions through 1.75). The vulnerability arises because the CAPTCHA secret text is generated by sampling from a character set using Perl’s built-in rand, which is not suitable for security applications due to predictability and reversibility. Im...

5.3CVSS5.4AI score
Exploits0References2
Nuclei
Nuclei
added 16 hours ago14 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-46351

BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java and...

8.1CVSS0.00039EPSS
Exploits0References3
CVE
CVE
added yesterday11 views

CVE-2026-46351

BigBlueButton (open-source virtual classroom) prior to 3.0.21 used insufficiently secure randomness to generate conference sessionToken values in bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java and bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiControll...

8.1CVSS6.1AI score0.00039EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday39 views

CVE-2026-46351 BigBlueButton: Insecure Randomness allows to guess user's conference session token and impersonate them

BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java and...

8.1CVSS0.00039EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-61500 Rejetto HFS < 3.2.1 Session Forgery via Predictable Signing Key

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS0.00747EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57841

Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0 Description The software derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of this generator to unauthenticated clients during login. A remote...

9.8CVSS6.5AI score0.00747EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 5 days ago5 views

Security update for perl-CGI-Session (moderate)

openSUSE Security Update: Security update for perl-CGI-Session Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: 1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.9CVSS5.3AI score0.00322EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/07/10 9:0 a.m.15 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/09 7:16 a.m.7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 6:26 a.m.10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 5:34 a.m.38 views

CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS0.00425EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/08 5:34 a.m.7 views

EUVD-2026-42167

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 5:34 a.m.14 views

CVE-2026-14495

CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/07 12:0 a.m.4 views

Security update for perl-Crypt-SaltedHash (critical)

openSUSE Security Update: Security update for perl-Crypt-SaltedHash Announcement ID: openSUSE-SU-2026:0230-1 Rating: critical References: 1265912 1265927 Cross-References: CVE-2026-47372 CVE-2026-47373 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is no...

9.1CVSS5.9AI score0.00397EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 a.m.8 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/07/05 4:0 a.m.38 views

CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 2:17 a.m.15 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS0.00508EPSS
Exploits0References4
Rows per page
Query Builder