CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

Weak Random Value Generation For Secrets (weak PRNG)

Spring Boot is vulnerable to the use of a weak pseudo-random number generator PRNG. The vulnerability is due to the use of predictable random value sources e.g., $random.value, $random.int, $random.long, which allows an attacker to guess or brute-force generated secrets and compromise application...

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

Cloudreve 安全特征问题漏洞

Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

MiracleLinux 9 : edk2-20231122-6.el9_4.2 (AXSA:2024-8600:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8600:07 advisory. EDK2: integer overflow in CreateHob could lead to HOB OOB R/W CVE-2022-36765 edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use...

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

PT-2025-53832

Name of the Vulnerable Software and Affected Versions coturn versions 4.6.2r5 through 4.7.0-r4 Description coturn, a free open source implementation of TURN and STUN Server, contains a flaw related to its random number generator. Specifically, the random number generator for nonces and port...

CVE-2025-26379

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...

CVE-2025-26379 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator

Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets...