Lucene search
K

825 matches found

Github Security Blog
Github Security Blog
added 2026/03/31 10:31 p.m.5 views

Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Impact This vulnerability affects Cloudreve instances that were first deployed/initialized with versions prior to V4.10.0. The application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and...

9.8CVSS5.9AI score0.00376EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/31 10:31 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.1 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 10:31 p.m.4 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

9.8CVSS5.8AI score0.00376EPSS
Exploits0References2
Fedora
Fedora
added 2026/03/29 1:8 a.m.10 views

[SECURITY] Fedora 42 Update: rust-pty-process-0.5.3-1.fc42

Spawn commands attached to a pty...

6.5CVSS5.9AI score0.00379EPSS
Exploits1
Fedora
Fedora
added 2026/03/29 12:18 a.m.6 views

[SECURITY] Fedora 44 Update: rust-pty-process-0.5.3-1.fc44

Spawn commands attached to a pty...

6.5CVSS5.9AI score0.00379EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23375

In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes filethpenabled incorrectly allows THP for files on anonymous inodes e.g. guestmemfd and secretmem. These files are created via allocfilepseudo, which does not call getwriteaccess an...

5.6AI score0.00119EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

EulerOS Virtualization 2.13.1 : bind (EulerOS-SA-2026-1633)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS6.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

EulerOS Virtualization 2.12.1 : bind (EulerOS-SA-2026-1417)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

EulerOS Virtualization 2.12.0 : bind (EulerOS-SA-2026-1474)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP11 : bind (EulerOS-SA-2026-1570)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the...

8.6CVSS5.9AI score0.00509EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/03/13 8:18 a.m.4 views

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.10 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : util-linux vulnerability (USN-8091-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8091-1 advisory. It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/12 8:57 p.m.7 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2026/03/12 7:59 p.m.10 views

USN-8091-1: util-linux vulnerability

It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/06 7:0 p.m.3 views

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG in the loop plugin during self-test on server startup. An attacker can cause the DNS server to crash by sending specially crafted DNS queries that exploit the use of a predictable...

8.2CVSS5.8AI score0.01068EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:35 p.m.5 views

CVE-2026-26018

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

7.5CVSS5.7AI score0.01068EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 3:35 p.m.2 views

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...

7.5CVSS5.7AI score0.01068EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/05 2:47 p.m.41 views

CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

8.7CVSS0.0024EPSS
Exploits1References3
Rows per page
Query Builder