Lucene search
K

1333 matches found

Nuclei
Nuclei
added 18 hours ago12 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added yesterday4 views

Security update for perl-CGI-Session (moderate)

openSUSE Security Update: Security update for perl-CGI-Session Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: 1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.9CVSS6.1AI score0.00322EPSS
Exploits0References1
The Hacker News
The Hacker News
added 3 days ago9 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
NVD
NVD
added 4 days ago7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS0.00425EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42167

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
CVE
CVE
added 5 days ago13 views

CVE-2026-14495

CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 6 days ago4 views

Security update for perl-Crypt-SaltedHash (critical)

openSUSE Security Update: Security update for perl-Crypt-SaltedHash Announcement ID: openSUSE-SU-2026:0230-1 Rating: critical References: 1265912 1265927 Cross-References: CVE-2026-47372 CVE-2026-47373 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is no...

9.1CVSS5.9AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/05 4:0 a.m.33 views

CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 a.m.8 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/07/05 2:17 a.m.14 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS0.00508EPSS
Exploits0References4
OSV
OSV
added 2026/07/05 2:17 a.m.5 views

DEBIAN-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2026/07/05 2:17 a.m.4 views

UBUNTU-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:30 a.m.9 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00508EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/05 1:30 a.m.10 views

EUVD-2026-41713

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00508EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/05 1:30 a.m.6 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55751

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References10
NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:16 p.m.4 views

UBUNTU-CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS6AI score0.00379EPSS
Exploits0References4
Rows per page
Query Builder