78 matches found

CVE
added 2026/04/27 11:32 p.m. | 17 views

CVE-2026-40975

CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...

CVSS 7.5 | AI score 5.2 | EPSS 0.00056
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/04/27 11:32 p.m. | 1 views

EUVD-2026-25939

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15...

CVSS 4.8 | AI score 5.2 | EPSS 0.00056
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 1 views

PT-2026-35547

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15...

CVSS 4.8 | AI score 5.2 | EPSS 0.00056
Exploits: 0 | References: 2

Snyk
added 2026/03/31 10:31 p.m. | 2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2

OSV
added 2026/01/15 10:43 a.m. | 1 views

SUSE-SU-2026:20085-1 Security update for bind

This update for bind fixes the following issues: - Upgrade to release 9.20.15 Security Fixes: CVE-2025-40778: Fixed cache poisoning attacks with unsolicited RRs bsc1252379 CVE-2025-40780: Fixed cache poisoning due to weak PRNG bsc1252380 CVE-2025-8677: Fixed resource exhaustion via malformed DNSK...

CVSS 8.6 | AI score 6.7 | EPSS 0.00071
Exploits: 1 | References: 8

RedhatCVE
added 2026/01/09 10:34 a.m. | 6 views

CVE-2017-18486

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...

CVSS 7.2 | AI score 7.5 | EPSS 0.01556
Exploits: 1 | References: 1

Tenable Nessus
added 2025/12/04 12:0 a.m. | 4 views

Oracle Linux 10 : bind (ELSA-2025-21034)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21034 advisory. - Fix upstream reported regression in recent CVE fix CVE-2025-8677 - Refuse malformed DNSKEY records CVE-2025-8677 - Address various spoofing attacks...

CVSS 8.6 | AI score 6.6 | EPSS 0.00071
Exploits: 1 | References: 4

Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

Oracle Linux 9 : bind (ELSA-2025-21110)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21110 advisory. - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778 Tenable has extracted the preceding...

CVSS 8.6 | AI score 6.6 | EPSS 0.00025
Exploits: 1 | References: 3

RedHat Linux
added 2025/11/10 2:58 a.m. | 8 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.6 | AI score 6.7 | EPSS 0.00025
Exploits: 1 | References: 3

Oracle linux
added 2025/11/10 12:0 a.m. | 5 views

bind9.18 security update

32:9.18.29-4.2 - Fix upstream reported regression in recent CVE fix CVE-2025-8677 - Add upstream created test to this regression 32:9.18.29-4.1 - Refuse malformed DNSKEY records CVE-2025-8677 - Address various spoofing attacks CVE-2025-40778 - Prevent cache poisoning due to weak PRNG CVE-2025-407...

CVSS 8.6 | AI score 7 | EPSS 0.00071
Exploits: 1

RedHat Linux
added 2025/11/06 3:50 p.m. | 4 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

CVSS 8.6 | AI score 6.1 | EPSS 0.00025
Exploits: 0 | References: 4

Cvelist
added 2025/10/22 3:48 p.m. | 4 views

CVE-2025-40780 Cache poisoning due to weak PRNG

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

CVSS 8.6 | EPSS 0.00025
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-52035

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00373
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:16 a.m. | 4 views

CVE-2013-2803

ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 9.3 | AI score 6.9 | EPSS 0.00555
Exploits: 0 | References: 1

NVD
added 2024/12/05 2:15 p.m. | 11 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

CVSS 5.3 | EPSS 0.00373
Exploits: 0 | References: 1

Cvelist
added 2024/12/05 1:53 p.m. | 12 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

EPSS 0.00373
Exploits: 0 | References: 1

CVE
added 2024/12/05 1:53 p.m. | 75 views

CVE-2024-53702

CVE-2024-53702 describes a cryptographically weak PRNG issue in the SonicWall SMA100 SSLVPN backup code generator, allowing an attacker to potentially predict the generated secret. Affected product: SonicWall SMA100 SSLVPN (backup code generator). Root cause: use of a weak PRNG. Impact: potential...

CVSS 5.3 | AI score 7.4 | EPSS 0.00373
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/12/05 1:53 p.m. | 8 views

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

AI score 7.1 | EPSS 0.00373
Exploits: 0 | References: 1

OpenVAS
added 2024/11/11 12:0 a.m. | 28 views

TortoiseSVN < 1.14.7 Weak PRNG Vulnerability

TortoiseSVN 1.14.6 contains a vulnerable version of Putty...

CVSS 5.9 | AI score 7.2 | EPSS 0.23269
Exploits: 0 | References: 3

Vulnrichment
added 2024/09/26 5:26 p.m. | 14 views

CVE-2024-47126 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

CVSS 7.1 | AI score 7.7 | EPSS 0.00081
Exploits: 0 | References: 1