CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVE-2026-41858

The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...

EUVD-2026-34195

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

PT-2026-46132

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize password job exists solely ...

MiracleLinux 8 : cloud-init-19.4-11.el8 (AXSA:2021-1222:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1222:01 advisory. cloud-init: Use of random.choice when generating random password CVE-2020-8631 cloud-init: Too short random password length in ccsetpassword in...

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

WordPress plugin Optional Email 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

EUVD-2020-29479

Malware in sbrugna...

EUVD-2022-38791

Malicious code in bioql PyPI...

Google Android Information Disclosure Vulnerability (CNVD-2025-23028)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an insecure default value flaw in the generateRandomPasword function in LocalBluetoothLeBroadcast.java. An attacker can exploit the leak to obtai...

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

PT-2025-36040

Name of the Vulnerable Software and Affected Versions: LocalBluetoothLeBroadcast.java affected versions not specified Description: An issue exists in the generateRandomPassword function of LocalBluetoothLeBroadcast.java that may allow interception of the Auracast audio stream due to an insecure...

ASB-A-389127608

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...

NewStart CGSL MAIN 7.02 : cloud-init Multiple Vulnerabilities (NS-SA-2025-0173)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed...

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

RHEL 6 : cloud-init (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 - cloud-init through...

Oracle Linux 7 : cloud-init (ELSA-2020-3898)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3898 advisory. - Resolves: bz1574338 CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances rhel-7 - Resolves: bz1812170 CVE-2020-8632...