CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

ATTACKERKB•added 2026/04/03 8:6 p.m.•1 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

8.1CVSS5.8AI score0.00023EPSS

Exploits0References3Affected Software1

Snyk•added 2026/03/31 10:31 p.m.•0 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00023EPSS

Exploits0References2

Snyk•added 2026/03/31 10:31 p.m.•3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

9.8CVSS5.8AI score0.00023EPSS

Exploits0References2

Snyk•added 2026/03/31 10:31 p.m.•1 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

9.8CVSS5.8AI score0.00023EPSS

Exploits0References2

Github Security Blog•added 2026/03/31 10:31 p.m.•2 views

Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...

9.8CVSS5.9AI score0.00023EPSS

Exploits0References4Affected Software1

Snyk•added 2026/03/31 10:31 p.m.•2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

9.8CVSS5.8AI score0.00023EPSS

Exploits0References2