CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

247 matches found

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS5.4AI score0.00031EPSS

Exploits0References1

NVD•added 2 days ago•5 views

CVE-2026-41858

7.5CVSS0.00031EPSS

Exploits0References1

Cvelist•added 2 days ago•31 views

CVE-2026-41858

7.5CVSS0.00031EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•5 views

CVE-2026-41858

7.5CVSS5.8AI score0.00031EPSS

Exploits0References2

CVE•added 2 days ago•9 views

CVE-2026-41858

The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...

7.5CVSS5.8AI score0.00031EPSS

Exploits0References1

EUVD•added 2 days ago•5 views

EUVD-2026-34195

7.5CVSS5.8AI score0.00031EPSS

Exploits0References1

Positive Technologies•added 2 days ago•8 views

PT-2026-46132

7.5CVSS5.8AI score0.00031EPSS

Exploits0References2

Cloud Foundry•added 5 days ago•4 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

7.5CVSS5.8AI score0.00031EPSS

Exploits0

ATTACKERKB•added 2026/05/15 2:35 p.m.•3 views

CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

4.1CVSS5.8AI score0.00024EPSS

Exploits0References2

RedHat Linux•added 2026/05/14 4:55 p.m.•2 views

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

7.5CVSS5.7AI score0.00056EPSS

Exploits0References5

ICS•added 2026/05/12 12:0 a.m.•11 views

Siemens SIPROTEC 5

SUMMARY The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session...

6.9CVSS7.2AI score0.00038EPSS

Exploits0References10

CNNVD•added 2026/05/12 12:0 a.m.•2 views

Siemens SIPROTEC 5 安全漏洞

Siemens SIPROTEC 5 is a series of multifunctional relays developed by the German company Siemens. There are security vulnerabilities in Siemens SIPROTEC 5, which stem from the lack of using sufficiently random values to create session identifiers. This could allow unauthorized remote attackers to...

6.9CVSS7.3AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2026/05/06 8:22 p.m.•4 views

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS4.9AI score0.0004EPSS

Exploits0References1

EUVD•added 2026/05/05 6:33 p.m.•2 views

EUVD-2026-27408

2.6CVSS4.9AI score0.0004EPSS

Exploits0References7

NVD•added 2026/05/05 5:17 p.m.•2 views

CVE-2026-7847

2.6CVSS0.0004EPSS

Exploits0References6

Cvelist•added 2026/05/05 4:30 p.m.•30 views

CVE-2026-7847 chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values

2.6CVSS0.0004EPSS

Exploits0References6

ATTACKERKB•added 2026/05/05 4:30 p.m.•1 views

CVE-2026-7847

2.6CVSS4.9AI score0.0004EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/05/05 12:0 a.m.•6 views

PT-2026-37091

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description An issue exists in the Uploaded File Handler component within the get file id function of the file libs/chatchat-server/chatchat/server/api server/openai routes.py. Manipulation of this...

2.6CVSS5.7AI score0.0004EPSS

Exploits0References9

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в node-form-data

The use of insufficiently random values in form-data allows for HTTP Parameter Pollution HPP. This vulnerability is associated with the program file lib/formdata.Js. This issue affects form-data versions: 2.5.4, 3.0.0 – 3.0.3, 4.0.0 – 4.0.3...

9.4CVSS6.6AI score0.01319EPSS

Exploits1References1

Tenable Nessus•added 2026/04/29 12:0 a.m.•3 views

Juniper Junos OS Multiple Vulnerabilities (JSA88112)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88112 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids...

7.5CVSS6.5AI score0.00343EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by