Lucene search
K

168 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-61500

Affected software: Rejetto HFS 3.0.0–3.2.0. Root cause: session-cookie signing key derived from the non‑cryptographic Math.random() generator; outputs disclosed to unauthenticated clients during login. Impact: remote attacker can observe login responses, reconstruct the generator state, recover t...

9.8CVSS6.5AI score0.00747EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/26 8:7 a.m.7 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00309EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39591

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:0 a.m.6 views

CVE-2026-10530

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...

5.9AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:58 a.m.11 views

USN-8418-1 libcrypt-saltedhash-perl vulnerability

It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically weak pseudo-random number generator. An attacker could possibly use this issue to predict generated salts, leading to a weakening of cryptographic protections...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-41838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequa...

7.5CVSS5.4AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47589

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.3CVSS5.4AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:42 p.m.10 views

CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.8AI score0.00662EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 6:53 p.m.3 views

CVE-2026-46473 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS5.9AI score0.00416EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox

A HTTP digest authentication nonce value was generated using rand, which may result in predictable values. This vulnerability affects Firefox versions less than 126...

5.9CVSS7.3AI score0.00217EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.14 views

WordPress多款产品 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.7AI score0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 10:10 p.m.9 views

CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00355EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:16 p.m.8 views

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:49 a.m.5 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 1:38 a.m.3 views

CVE-2026-40496 FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: md5APPKEY + attachmentid + size. Since attachmentid is sequential and size can be brute-forced in a small range, an unauthenticate...

9.3CVSS5.7AI score0.00403EPSS
Exploits1References3
NVD
NVD
added 2026/04/07 9:16 a.m.5 views

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS0.00269EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.6 views

SUSE CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS5.9AI score0.00269EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

EulerOS Virtualization 2.12.0 : avahi (EulerOS-SA-2026-1473)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where...

5.3CVSS7.2AI score0.00681EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.9 views

NewStart CGSL MAIN 6.06 (SP) : cloud-init Multiple Vulnerabilities (NS-SA-2026-0026)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...

7.1CVSS5.9AI score0.00438EPSS
Exploits0References7
Rows per page
Query Builder