CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/01 9:30 p.m.•2 views

EUVD-2026-17999

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.9AI score0.00016EPSS

Exploits0References3

Snyk•added 2026/03/31 11:43 p.m.•0 views

Insufficient Entropy

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

8.7CVSS5.9AI score

Exploits0References2

Packet Storm News•added 2026/02/09 12:0 a.m.•2 views

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...

5.9AI score

Packet Storm News•added 2026/01/24 12:0 a.m.•2 views

On the Impossibility of Simulation Security for Quantum Functional Encryption

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE simulation security has been shown to be impossible in the classical setting, those impossibility results...

5.8AI score

Tenable Nessus•added 2026/01/20 12:0 a.m.•3 views

MiracleLinux 8 : edk2-20220126gitbb1bba3d77-13.el8_10.2 (AXSA:2024-8666:08)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8666:08 advisory. edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-45237 edk2: Temporary DoS...

7.5CVSS7.4AI score0.0041EPSS

Exploits0References4

OPENSUSE Linux•added 2026/01/17 12:0 a.m.•3 views

Security update for bind (important)

openSUSE security update: security update for bind ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20039-1 Rating: important References: bsc1230649 bsc1252378 bsc1252379 bsc1252380 Cross-References: CVE-2025-40778 CVE-2025-40780 CVE-2025-8677 CVSS...

9.2CVSS7AI score0.00071EPSS

Exploits1References4

RedHat Linux•added 2026/01/14 1:25 p.m.•7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.10 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

8.6CVSS6.7AI score0.00102EPSS

Exploits2References6

Tenable Nessus•added 2026/01/13 12:0 a.m.•1 views

MiracleLinux 9 : bind9.18-9.18.29-5.el9_7.2 (AXSA:2025-11540:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11540:06 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion v...

8.6CVSS6.5AI score0.00071EPSS

Exploits1References4

Tenable Nessus•added 2026/01/13 12:0 a.m.•1 views

MiracleLinux 8 : bind9.16-9.16.23-0.22.el8_10.4 (AXSA:2025-11061:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11061:02 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the...

8.6CVSS6.5AI score0.00025EPSS

Packet Storm News•added 2026/01/10 12:0 a.m.•1 views

QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials

FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...

6.7AI score

Packet Storm News•added 2025/12/19 12:0 a.m.•3 views

Cryptanalysis of Pseudorandom Error-Correcting Codes

Pseudorandom error-correcting codes PRC is a novel cryptographic primitive proposed at CRYPTO 2024. Due to the dual capability of pseudorandomness and error correction, PRC has been recognized as a promising foundational component for watermarking AI-generated content. However, the security of PR...

6.7AI score

Tenable Nessus•added 2025/12/03 12:0 a.m.•2 views

RockyLinux 9 : bind9.18 (RLSA-2025:21111)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21111 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

8.6CVSS6.7AI score0.00071EPSS

Exploits1References7

Tenable Nessus•added 2025/12/03 12:0 a.m.•2 views

RockyLinux 9 : bind (RLSA-2025:21110)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21110 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the...

Oracle linux•added 2025/11/25 12:0 a.m.•7 views

Exploits1References5

bind security update

32:9.16.23-34.0.1.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes with upstream changes - Address various spoofing attacks CVE-2025-40778 32:9.16.23-34 - Fix failures in idn...

8.6CVSS6.9AI score0.00025EPSS

Exploits1

OSV•added 2025/11/21 6:19 p.m.•4 views

RLSA-2025:21034 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

8.6CVSS5.5AI score0.00071EPSS

Exploits1References4

RedHat Linux•added 2025/11/20 8:47 p.m.•3 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RedHat Linux•added 2025/11/20 8:5 a.m.•3 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RedHat Linux•added 2025/11/12 10:49 a.m.•4 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...