Lucene search
K

55 matches found

Cvelist
Cvelist
•added 2026/06/30 11:5 a.m.•33 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

0.00152EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/30 11:5 a.m.•6 views

EUVD-2026-40291

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.5AI score0.00103EPSS
Exploits0References1
CVE
CVE
•added 2026/05/29 12:31 p.m.•37 views

CVE-2026-49323

The CVE concerns the Indian Motorcycle Scout Bobber + Tech 2025 model year WCM–ECM link. Weak authentication allows an adjacent-network attacker with read access to passively capture one seed/key exchange and recover the per-vehicle immobilizer secret because the WCM’s response uses a reversible,...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
NVD
NVD
•added 2026/05/29 8:16 a.m.•16 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/05/29 7:29 a.m.•13 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References3Affected Software1
EUVD
EUVD
•added 2026/05/29 7:29 a.m.•14 views

EUVD-2026-33257

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/05/29 7:29 a.m.•42 views

CVE-2026-49322 Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user PIN from observed exchange

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•15 views

PT-2026-44758

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year Description Weak authentication in the Wireless Control Module WCM allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•18 views

PT-2026-44829

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year Description Weak authentication exists between the Wireless Control Module WCM and the Engine Control Module ECM. An adjacent-network attacker with read access to the in-vehicle network can...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References5
OSV
OSV
•added 2026/03/31 11:43 p.m.•3 views

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

8.7CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
•added 2026/03/05 2:18 a.m.•31 views

CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

0.00409EPSS
Exploits0References2
Packet Storm
Packet Storm
•added 2026/01/28 12:0 a.m.•208 views

šŸ“„ Qualcomm CVP Kernel Pointer Leak

The Qualcomm CVP driver exposes kernel pointers to userland by returning a hashed session ID derived from a kernel pointer using hash32ptr. This function is not a cryptographic hash but a reversible fold that XORs the upper and lower 32 bits of the pointer. Due to predictable ARM64 kernel virtual...

5.5CVSS5.8AI score0.00069EPSS
Exploits2
RedhatCVE
RedhatCVE
•added 2026/01/14 8:22 p.m.•6 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/01/13 8:16 p.m.•10 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS0.00231EPSS
Exploits0References2
OSV
OSV
•added 2026/01/13 7:29 p.m.•7 views

CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.7AI score0.00231EPSS
Exploits0References4
OSV
OSV
•added 2026/01/13 2:55 p.m.•6 views

GHSA-C9Q6-G3HR-8GWW Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...

8.2CVSS6.8AI score0.00231EPSS
Exploits0References6
CNNVD
CNNVD
•added 2026/01/13 12:0 a.m.•6 views

Jervis å®‰å…Øē‰¹å¾é—®é¢˜ę¼ę“ž

Jervis is an automation tool by Sam Gleske Personal Developer. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

8.2CVSS5.8AI score0.00231EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2025/12/10 4:32 a.m.•6 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS7.2AI score0.00452EPSS
Exploits1References1
NVD
NVD
•added 2025/12/09 4:18 p.m.•5 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS0.00452EPSS
Exploits1References4
Rows per page
Query Builder