
1302 matches found

Debian CVE
added 2025/09/25 12:0 a.m., 3 views

CVE-2025-55556

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application...

6.5 CVSS, 5.2 AI score, 0.00161 EPSS
Exploits: 1

RedhatCVE
added 2025/09/20 2:33 p.m., 13 views

CVE-2025-10671

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS, 6.2 AI score, 0.00401 EPSS
Exploits: 0, References: 1

NVD
added 2025/09/18 3:15 p.m., 5 views

CVE-2025-10671

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS, 0.00401 EPSS
Exploits: 0, References: 4

Cvelist
added 2025/09/18 2:32 p.m., 11 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS, 0.00401 EPSS
Exploits: 0, References: 4

CVE
added 2025/09/18 2:32 p.m., 14 views

CVE-2025-10671

CVE-2025-10671 concerns youth-is-as-pale-as-poetry e-learning 1.0, specifically the JWT Token Handler’s JwtUtils.encryptSecret. Multiple connected sources confirm the vulnerability is due to insufficiently random values generated by encryptSecret, which can be exploited remotely. The issue affect...

6.3 CVSS, 4.5 AI score, 0.00401 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/09/18 2:32 p.m., 3 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS, 4.2 AI score, 0.00401 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/09/18 12:0 a.m., 4 views

PT-2025-38404

Name of the Vulnerable Software and Affected Versions: youth-is-as-pale-as-poetry e-learning version 1.0. Description: A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is...

6.3 CVSS, 4.4 AI score, 0.00401 EPSS
Exploits: 0, References: 6

IBM Security Bulletins
added 2025/09/17 5:29 p.m., 7 views

Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)

Summary: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. Vulnerability Details: CVEID: CVE-2025-25724 DESCRIPTION: list_item_verbose in...

7.8 CVSS, 7.1 AI score, 0.00329 EPSS
Exploits: 1, Affected Software: 1

RedhatCVE
added 2025/09/11 3:19 a.m., 13 views

CVE-2025-42925

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

4.3 CVSS, 6.6 AI score, 0.00218 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/09/11 12:0 a.m., 4 views

What You Code Is What We Prove: Translating BLE App Logic into Formal Models with LLMs for Vulnerability Detection

The application layer of Bluetooth Low Energy (BLE) is a growing source of security vulnerabilities, as developers often neglect to implement critical protections such as encryption, authentication, and freshness. While formal verification offers a principled way to check these properties, the manu...

7 AI score
Exploits: 0

CNNVD
added 2025/09/11 12:0 a.m., 2 views

WordPress plugin Analytics Reduce Bounce Rate cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3 CVSS, 6.3 AI score, 0.00151 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2025/09/10 9:58 p.m., 10 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary: A vulnerability in crypto.js library affects IBM WebSphere Application Server Liberty with the openidConnectServer-1.0 feature enabled. Vulnerability Details: CVEID: CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the stri...

5.3 CVSS, 5.5 AI score, 0.01075 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-27743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes/RAND_pseudo_bytes. This could lead to use of a non-random/predictable session_id...

9.8 CVSS, 8.2 AI score, 0.01715 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2010-3804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak...

5.8 CVSS, 8.3 AI score, 0.09126 EPSS
Exploits: 1, References: 2

NVD
added 2025/09/09 2:15 a.m., 38 views

CVE-2025-42925

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

4.3 CVSS, 0.00218 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/09/09 12:0 a.m., 4 views

SAP NetWeaver AS Java security vulnerability

SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from a lack of randomness and could lead to predictive identifiers...

4.3 CVSS, 6.6 AI score, 0.00218 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-11671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4...

4 CVSS, 6.1 AI score, 0.00442 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/09/03 8:10 a.m., 4 views

Security Bulletin: A vulnerability in form-data may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-7783)

Summary: There is a vulnerability in form-data used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerabili...

9.4 CVSS, 4.8 AI score, 0.01735 EPSS
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-7010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the...

7.5 CVSS, 7.2 AI score, 0.01439 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/31 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a stro...

8.6 CVSS, 5.9 AI score, 0.00388 EPSS
Exploits: 0, References: 3