26 matches found
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726
CVE-2026-25726 (Cloudreve) : Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...
CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
Cloudreve 安全特征问题漏洞
Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
GHSA-F8XP-WVCX-P6F4 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...
PT-2026-29420
Name of the Vulnerable Software and Affected Versions Cloudreve versions prior to 4.13.0 Description Cloudreve is a self-hosted file management and sharing system. Versions prior to 4.13.0 use a weak pseudo-random number generator math/rand seeded with time to generate critical security secrets,...
EUVD-2022-6795
Malicious code in bioql PyPI...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Stored Cross Site Scripting (XSS)
github.com/cloudreve/cloudreve is vulnerable to cross-site scripting. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Cross site scripting in Cloudreve
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
GHSA-FG25-GQ9G-32MX Cross site scripting in Cloudreve
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cloudreve versions v1.0.0 through v3.5.3 is vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
CVE-2022-32167
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...