ROS-20260129-73-0049

Vulnerability in nextcloud-app-calendar related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

MiracleLinux 8 : nodejs:18 (AXSA:2025-9678:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9678:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable h...

EUVD-2018-5228

Malware in sbrugna...

EUVD-2022-46484

Malicious code in bioql PyPI...

EUVD-2023-44436

Malicious code in bioql PyPI...

EUVD-2025-16231

Malicious code in bioql PyPI...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...

OESA-2025-2276 nodejs-form-data security update

A module to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications. Security Fixes: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program file...

DEBIAN-CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

CVE-2025-1953

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

Wiesemann & Theis ComServer Use of Insufficiently Random Values (CVE-2022-42787)

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. After login of an user an unathenticated remote attacker can brute force the users session id and get access to his account on the the device. As the user needs to log in for the attack to be...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

CVE-2024-42165 Arbitrary User Activation

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

CVE-2024-42163 Password Manipulation

Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...

GO-2024-2565 Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Use of Insufficiently Random Values in github.com/greenpau/caddy-security...

NEC Aterm 安全漏洞

NEC Aterm is a series of wireless routers from Japan Electric NEC. A security vulnerability exists in NEC Aterm that stems from insufficient random values. The following products are affected: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS,...

Insufficiently Random Values

dfinity/auth-client and dfinity/identity are vulnerable to insecure key generation. The vulnerability is due to the Ed25519KeyIdentity.generate function as it uses an insecure seed for key pair generation when no seed value is provided. This flaw breaks the guarantee of secure randomness and can...

Siemens LOGO! CMR and SIMATIC RTU 3000 Use of Insufficiently Random Values (CVE-2021-37186)

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

CVE-2023-39979

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...