Lucene search
+L

281 matches found

NVD
NVD
added 2026/01/20 10:15 p.m.10 views

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

7.5CVSS0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.6 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

7.5CVSS7AI score0.00383EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:27 a.m.6 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software2
Cvelist
Cvelist
added 2025/12/26 11:43 p.m.23 views

CVE-2025-68932 FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...

6.3CVSS0.00498EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 11:8 a.m.5 views

Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data

Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS5.5AI score0.00382EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2025/12/08 5:57 p.m.6 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

9.8CVSS7.7AI score0.00409EPSS
Exploits0References4
CNVD
CNVD
added 2025/11/27 12:0 a.m.6 views

IBM Concert Encryption Issues Vulnerabilities

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...

7.5CVSS6.7AI score0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/26 8:50 a.m.3 views

CVE-2025-59390 Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

6.8AI score0.00597EPSS
Exploits0References1
OSV
OSV
added 2025/11/10 7:15 p.m.3 views

CVE-2025-43723

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

7.5CVSS5.8AI score0.0018EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/21 6:33 p.m.6 views

CVE-2025-6515

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS6.8AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-22792

Malware in sbrugna...

8.1CVSS8.1AI score0.01136EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-11671

Malware in sbrugna...

7.5CVSS7.5AI score0.00593EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26399

Malware in sbrugna...

4.2CVSS4.6AI score0.00452EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-15028

Malware in sbrugna...

8.1CVSS8.1AI score0.01579EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26119

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3238

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01186EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-52035

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-37341

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21693

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00329EPSS
Exploits0References4
Rows per page
Query Builder