Lucene search
K

280 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46132

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize password job exists solely ...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2026/06/01 12:0 a.m.9 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

7.5CVSS5.8AI score0.00245EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:35 p.m.7 views

CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

4.1CVSS5.8AI score0.00146EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

8.2CVSS5.7AI score0.00312EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens SIPROTEC 5 安全漏洞

Siemens SIPROTEC 5 is a series of multifunctional relays developed by the German company Siemens. There are security vulnerabilities in Siemens SIPROTEC 5, which stem from the lack of using sufficiently random values to create session identifiers. This could allow unauthorized remote attackers to...

6.9CVSS7.3AI score0.00306EPSS
Exploits0References1
ICS
ICS
added 2026/05/12 12:0 a.m.33 views

Siemens SIPROTEC 5

SUMMARY The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session...

6.9CVSS7.2AI score0.00306EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.9 views

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS4.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 6:33 p.m.5 views

EUVD-2026-27408

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS4.9AI score0.00235EPSS
Exploits0References7
NVD
NVD
added 2026/05/05 5:17 p.m.6 views

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS0.00235EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 4:30 p.m.41 views

CVE-2026-7847 chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS0.00235EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/05 4:30 p.m.7 views

CVE-2026-7847

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS4.9AI score0.00235EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-37091

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description An issue exists in the Uploaded File Handler component within the get file id function of the file libs/chatchat-server/chatchat/server/api server/openai routes.py. Manipulation of this...

2.6CVSS5.7AI score0.00235EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

Juniper Junos OS Multiple Vulnerabilities (JSA88112)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88112 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids...

7.5CVSS6.5AI score0.01577EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 11:32 p.m.30 views

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS0.00312EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.6 views

Oracle Linux 9 : bind (ELSA-2026-8075)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8075 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...

8.6CVSS7.3AI score0.01545EPSS
Exploits0References2
CVE
CVE
added 2026/04/03 8:6 p.m.32 views

CVE-2026-25726

CVE-2026-25726 (Cloudreve) : Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/09 9:31 p.m.11 views

EUVD-2025-208452

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

6.3CVSS5.3AI score0.00289EPSS
Exploits0References5
NVD
NVD
added 2026/03/09 9:16 p.m.15 views

CVE-2025-15603

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor explains: "The 't0p-s3cr3t' default was dead code on every supported startup path: start.sh...

0.00289EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:32 p.m.8 views

CVE-2025-15603

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor explains: "The 't0p-s3cr3t' default was dead code on every supported startup path: start.sh, startwindows.ba...

5AI score0.00289EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/09 8:32 p.m.41 views

CVE-2025-15603

...

0.00289EPSS
Exploits0
Rows per page
Query Builder