CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added yesterday•5 views

CVE-2026-41858

Cvelist•added yesterday•25 views

CVE-2026-41858

7.5CVSS0.00031EPSS

CVE•added yesterday•9 views

CVE-2026-41858

The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...

EUVD•added yesterday•5 views

EUVD-2026-34195

RedhatCVE•added yesterday•6 views

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

4.8CVSS5.6AI score0.00036EPSS

Positive Technologies•added yesterday•8 views

PT-2026-46132

Tenable Nessus•added 4 days ago•8 views

Fedora 44 : perl-Crypt-PasswdMD5 (2026-30d86fe986)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-30d86fe986 advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...

7.5CVSS5.8AI score0.00015EPSS

Cloud Foundry•added 4 days ago•4 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

CVE•added 2026/05/27 8:6 p.m.•10 views

Exploits0

CVE-2026-47272

pam_usb for Linux allows local authentication bypass before version 0.9.0 due to pusb_pad_compare() only checking the user-side pad (~/.pamusb/device.pad) and not requiring the system-side pad on the USB device to be present. A local user can delete or obscure their own device.pad to bypass the U...

7.1CVSS5.9AI score0.00016EPSS

Vulnrichment•added 2026/05/27 8:6 p.m.•4 views

CVE-2026-47272 pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusbpadcompare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was also...

7.1CVSS5.9AI score0.00016EPSS

OSV•added 2026/05/27 3:1 p.m.•4 views

USN-8325-1 tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

5.9CVSS5.8AI score0.00311EPSS

NVD•added 2026/05/26 11:16 p.m.•10 views

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

4.8CVSS0.00036EPSS

Vulnrichment•added 2026/05/26 10:53 p.m.•7 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

5.8AI score0.00036EPSS

Cvelist•added 2026/05/26 10:53 p.m.•26 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

0.00036EPSS

EUVD•added 2026/05/26 10:53 p.m.•9 views

EUVD-2026-32022

5.8AI score0.00036EPSS

CVE•added 2026/05/26 10:53 p.m.•9 views

CVE-2026-8647

CVE-2026-8647 affects Crypt::ScryptKDF for Perl up to version 0.010. When no CSPRNG module is available, the random_bytes path falls back to Perl's built-in rand(), enabling insecure randomness in key derivation. The issue arises if Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random,...

4.8CVSS5.8AI score0.00036EPSS

Snyk•added 2026/05/21 9:49 p.m.•10 views

Insecure Randomness

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.3CVSS5.8AI score

Snyk•added 2026/05/21 9:49 p.m.•8 views

Insecure Randomness

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.3CVSS5.8AI score

Snyk•added 2026/05/21 9:49 p.m.•8 views

Insecure Randomness

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.3CVSS5.8AI score