
83877 matches found

Nuclei
added yesterday | 22 views

CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

CVSS 9.8 | AI score 7.7 | EPSS 0.8916
Exploits: 1 | References: 2

Nuclei
added yesterday | 3 views

WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting

Stray Random Quotes WordPress plugin <= 1.9.9 contains a reflected cross-site scripting vulnerability caused by a lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in the context of high-privilege users. Exploitation requires the attacker to craft a malicious URL...

CVSS 6.1 | AI score 7.2 | EPSS 0.01706
Exploits: 1 | References: 2

Nuclei
added yesterday | 18 views

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post <=2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

CVSS 6.1 | AI score 6 | EPSS 0.02196
Exploits: 2 | References: 4

RedHat Linux
added 2 days ago | 4 views

Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The ${random.value} property source uses a weak pseudo-random number generator (PRNG), meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

CVSS 7.5 | AI score 5.7 | EPSS 0.00056
Exploits: 0 | References: 5

EUVD
added 2 days ago | 6 views

EUVD-2025-210027

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2

NVD
added 3 days ago | 5 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | EPSS 0.00011
Exploits: 0 | References: 1

Vulnrichment
added 3 days ago | 2 views

CVE-2025-59614 Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 1

Cvelist
added 3 days ago | 22 views

CVE-2025-59614 Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | EPSS 0.00011
Exploits: 0 | References: 1

CVE
added 3 days ago | 8 views

CVE-2025-59614

Technical details for CVE-2025-59614 are not publicly available in the provided documents. Monitor for updates from NVD and Qualcomm security bulletins.

CVSS 6.7 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 3 days ago | 4 views

CVE-2025-59614

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2

Positive Technologies
added 3 days ago | 7 views

PT-2026-45637

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVSS 6.7 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2

CNNVD
added 3 days ago | 3 views

Qualcomm Chipsets Buffer Error Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated. Qualcomm Chipsets have a buffer error vulnerability, which stems from insufficient output buffer size during the execution of random number generator commands, leading to memory corruption...

CVSS 6.7 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 1

Fedora
added 5 days ago | 9 views

[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43

A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction, e.g. headless server...

CVSS 7.8 | AI score 5.8 | EPSS 0.00004
Exploits: 0

Fedora
added 6 days ago | 4 views

[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44

A Linux entropy source using the HAVEGE algorithm. Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction, e.g. headless server...

CVSS 7.8 | AI score 5.8 | EPSS 0.00004
Exploits: 0

CVE
added last week | 10 views

CVE-2026-46156

CVE-2026-46156 concerns a Loongson-specific issue in the Linux kernel where loongson_gpu_fixup_dma_hang() could read from an invalid address due to using base+PCI_DEVICE_ID with a device from pdev->devfn+1. This could lead to ADE on Loongson GPUs embedded via PCIe during DMA Han...

AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 6

RedhatCVE
added 2026/05/27 11:52 p.m. | 5 views

CVE-2026-45949

A flaw was found in the Linux kernel's hardware random number generator (hwrng) core. A race condition exists where concurrent or rapid calls to the hwrng_unregister function can lead to a use-after-free vulnerability. This issue allows the system to attempt to access freed memory, potentially causi...

CVSS 5.5 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 4

The Hacker News
added 2026/05/27 3:44 p.m. | 13 views

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...

AI score 5.9
Exploits: 0

EUVD
added 2026/05/27 3:33 p.m. | 5 views

EUVD-2026-32233

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition. Currently, hwrng_fill is not cleared until the hwrng_fillfn thread exits. Since hwrng_unregister reads hwrng_fill outside the rng_mutex lock, a concurrent hwrng_unregister may...

AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 5

Ubuntu
added 2026/05/27 3:1 p.m. | 9 views

USN-8325-1: tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

CVSS 5.9 | AI score 5.8 | EPSS 0.00311
Exploits: 0

OSV
added 2026/05/27 3:1 p.m. | 4 views

USN-8325-1 tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

CVSS 5.9 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 2