Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52 matches found

CVE
CVEadded 6 days ago13 views

CVE-2026-49323

The CVE concerns the Indian Motorcycle Scout Bobber + Tech 2025 model year WCM–ECM link. Weak authentication allows an adjacent-network attacker with read access to passively capture one seed/key exchange and recover the per-vehicle immobilizer secret because the WCM’s response uses a reversible,...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References1
NVD
NVDadded 6 days ago6 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS0.00013EPSS
Exploits0References1
EUVD
EUVDadded 6 days ago5 views

EUVD-2026-33257

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References1
Cvelist
Cvelistadded 6 days ago25 views

CVE-2026-49322 Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user PIN from observed exchange

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS0.00013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 6 days ago5 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 6 days ago4 views

PT-2026-44758

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 6 days ago6 views

PT-2026-44829

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

4.3CVSS5.8AI score0.00013EPSS
Exploits0References2
OSV
OSVadded 2026/03/31 11:43 p.m.1 views

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

8.7CVSS5.9AI score
Exploits0References3
Cvelist
Cvelistadded 2026/03/05 2:18 a.m.25 views

CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

0.00015EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2026/01/28 12:0 a.m.167 views

📄 Qualcomm CVP Kernel Pointer Leak

The Qualcomm CVP driver exposes kernel pointers to userland by returning a hashed session ID derived from a kernel pointer using hash32ptr. This function is not a cryptographic hash but a reversible fold that XORs the upper and lower 32 bits of the pointer. Due to predictable ARM64 kernel virtual...

5.5CVSS5.8AI score0.00017EPSS
Exploits2
RedhatCVE
RedhatCVEadded 2026/01/14 8:22 p.m.3 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.8AI score0.00059EPSS
Exploits0References1
NVD
NVDadded 2026/01/13 8:16 p.m.3 views

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS0.00059EPSS
Exploits0References2
OSV
OSVadded 2026/01/13 7:29 p.m.4 views

CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

8.2CVSS6.7AI score0.00059EPSS
Exploits0References4
OSV
OSVadded 2026/01/13 2:55 p.m.4 views

GHSA-C9Q6-G3HR-8GWW Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...

8.2CVSS6.8AI score0.00059EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/01/13 12:0 a.m.2 views

Jervis 安全特征问题漏洞

Jervis is an automation tool by Sam Gleske Personal Developer. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

8.2CVSS5.8AI score0.00059EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/12/10 4:32 a.m.1 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS7.2AI score0.0008EPSS
Exploits1References1
NVD
NVDadded 2025/12/09 4:18 p.m.2 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.8CVSS0.0008EPSS
Exploits1References4
CVE
CVEadded 2025/12/09 3:31 a.m.9 views

CVE-2025-67504

CVE-2025-67504 affects WBCE CMS (versions 1.6.4 and earlier). The root cause is the use of GenerateRandomPassword() which relies on PHP’s rand(), a non-cryptographically secure RNG. This weakness can allow generated password sequences to be predicted or brute-forced, potentially enabling user acc...

9.8CVSS6.8AI score0.0008EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVEadded 2025/10/23 11:17 p.m.6 views

CVE-2025-62710

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS6.7AI score0.00026EPSS
Exploits0References1
NVD
NVDadded 2025/10/22 11:15 p.m.3 views

CVE-2025-62710

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00026EPSS
Exploits0References2
Rows per page
Query Builder