CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

130 matches found

CVE•added 2026/05/28 9:2 a.m.•14 views

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

6CVSS5.8AI score0.0002EPSS

Exploits0References2

Schneier on Security•added 2026/02/26 12:7 p.m.•6 views

LLMs Generate Predictable Passwords

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven for example, L , 9, m, 2, $ and...

5.7AI score

Exploits0

Positive Technologies•added 2026/02/03 12:0 a.m.•3 views

PT-2026-6066

Name of the Vulnerable Software and Affected Versions Rapid7 Nexpose versions 6.4.50 and later Description A security issue exists in Rapid7 Nexpose related to insufficient entropy in the CredentialsKeyStorePassword.generateRandomPassword method. This can impact the randomness of generated...

6.8CVSS5.4AI score0.00007EPSS

Exploits0References4

RedhatCVE•added 2025/12/10 8:36 a.m.•3 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS6.9AI score0.00027EPSS

Exploits0References1

Cvelist•added 2025/12/09 3:31 a.m.•29 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

9.1CVSS0.0008EPSS

Exploits1References4

CVE•added 2025/12/09 3:31 a.m.•13 views

CVE-2025-67504

CVE-2025-67504 affects WBCE CMS (versions 1.6.4 and earlier). The root cause is the use of GenerateRandomPassword() which relies on PHP’s rand(), a non-cryptographically secure RNG. This weakness can allow generated password sequences to be predicted or brute-forced, potentially enabling user acc...

9.8CVSS6.8AI score0.0008EPSS

Exploits1References4Affected Software1

EUVD•added 2025/12/09 3:31 a.m.•2 views

EUVD-2025-201876

9.1CVSS6.7AI score0.0008EPSS

Exploits1References4

Vulnrichment•added 2025/12/09 3:31 a.m.•3 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

9.1CVSS6.8AI score0.0008EPSS

Exploits1References4

OSV•added 2025/12/09 3:31 a.m.•3 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

9.1CVSS7.2AI score0.0008EPSS

Exploits1References6

RedhatCVE•added 2025/11/11 8:44 a.m.•2 views

CVE-2025-41731

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

7.4CVSS6.9AI score0.00028EPSS

Exploits0References1