Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

GHSA-M4X9-HX6X-2C43 Spring Boot's random value property source uses a weak PRNG unsuitable for secrets

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

Spring Boot's random value property source uses a weak PRNG unsuitable for secrets

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

EUVD-2026-25939

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

CVE-2026-40975

CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

PT-2026-35547

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the logic used in schnetem for handling data packets. This logic uses an unconstrained random val...

EUVD-2025-209143

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

WordPress plugin Events Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...