Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

30 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.7 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References1
CVE
CVEadded 2026/06/04 2:33 p.m.15 views

CVE-2026-43986

Tautulli (Python-based tool for Plex) prior to v2.17.1 exposes a public /image/ endpoint that uses image_hash_lookup to replay server-side image fetch logic. A low-privilege guest can seed a malicious external image URL and trigger SSRF via an unauthenticated endpoint, turning an authenticated SS...

9.9CVSS5.9AI score0.00262EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/04 2:10 a.m.35 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/04 2:10 a.m.5 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/04 2:10 a.m.6 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.10 views

PT-2026-39577

Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...

6.5CVSS5.8AI score0.00304EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/04/08 5:53 a.m.2 views

CVE-2026-5083 Ado::Sessions versions through 0.935 for Perl generates insecure session ids

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.8AI score0.00428EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/03 8:6 p.m.1 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/30 10:54 a.m.2 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

9.8CVSS5.8AI score0.0053EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/28 6:52 p.m.2 views

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

5.8AI score0.0053EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/06 7:55 a.m.3 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/06 1:34 a.m.5 views

CVE-2025-40926

Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/05 1:41 a.m.4 views

CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

5.8AI score0.00583EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.3 views

PT-2026-23117

Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Simple versions through 0.04 Description The software generates session IDs insecurely. The default session ID generator uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID...

9.8CVSS5.8AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.4 views

PT-2026-23118

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::MD5 versions through 1.94 Description The software generates session IDs insecurely. The default session ID generator uses an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. T...

9.1CVSS5.7AI score0.00583EPSS
Exploits0References24
Positive Technologies
Positive Technologiesadded 2026/02/26 12:0 a.m.2 views

PT-2026-22228

Name of the Vulnerable Software and Affected Versions Apache::SessionX versions through 2.01 Description Apache::SessionX generates session IDs insecurely. The default session ID generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

8.2CVSS5.9AI score0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/02/13 7:18 p.m.6 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS5.5AI score0.00367EPSS
Exploits1References1
CVE
CVEadded 2026/02/12 6:38 p.m.8 views

CVE-2026-26218

CVE-2026-26218 affects newbee-mall where the database initialization script seeds administrator accounts with a predictable default password. This enables unauthenticated attackers to log in as an administrator and gain full control of the application if the default credentials are not changed du...

9.8CVSS5.5AI score0.00367EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/12 6:38 p.m.2 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS5.5AI score0.00367EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.20 views

EUVD-2025-30364

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder