8 matches found

RedhatCVE
added 2025/05/22 4:41 a.m. | 5 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 | AI score 6.8 | EPSS 0.00223
Exploits: 0 | References: 1
FreeBSD
added 2023/12/13 12:0 a.m. | 22 views

Gitlab -- vulnerabilities

Gitlab reports:
Smartcard authentication allows impersonation of arbitrary user using user's public certificate
When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge
The GitLab web interface does not ensure...

CVSS 8.8 | AI score 7.8 | EPSS 0.00296
Exploits: 0 | References: 1
Vulnrichment
added 2023/08/31 5:59 p.m. | 20 views

CVE-2023-41045 Insecure source port usage for DNS queries in Graylog

Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice sin...

CVSS 3.7 | AI score 6.7 | EPSS 0.00168
Exploits: 1 | References: 3
Github Security Blog
added 2023/07/06 8:51 p.m. | 18 views

Graylog vulnerable to insecure source port usage for DNS queries

Summary: Graylog utilises only one single source port for DNS queries. Details: Graylog seems to bind a single socket for outgoing DNS queries. That socket is bound to a random port number which is not changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered ho...

CVSS 5.3 | AI score 6.7 | EPSS 0.00168
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2021/03/23 9:15 p.m. | 10 views

Design/Logic Flaw

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

CVSS 3.6 | AI score 4.7 | EPSS 0.00035
Exploits: 0 | References: 1
NVD
added 2019/09/14 12:15 a.m. | 13 views

CVE-2019-16303

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other...

CVSS 9.8 | AI score 9.7 | EPSS 0.01904
Exploits: 1 | References: 8
Hacker One
added 2019/07/09 1:7 p.m. | 31 views

Dropbox: Fedora installation instructions fetch repo and validation key from insecure source, allowing mitm attack

The reporter noted that our installation instructions for our Linux Desktop Client for Fedora specified HTTP URLs instead of HTTPS. This could allow an attacker, with a privileged network position, the ability to swap the GPG key during installation allowing them to install a rogue signing key on...

AI score 0.9
Exploits: 0
Veracode
added 2017/02/01 3:5 a.m. | 9 views

Man-in-the-Middle Via Usage Of Insecure Source

These libraries are vulnerable to man-in-the-middle (MitM) attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...

AI score 7.5
Exploits: 0