Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)

Summary There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...

EUVD-2022-28229

Malicious code in bioql PyPI...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

The vulnerability of the caddy-security authentication plugin, related to the use of insufficiently random values, allows attackers to execute OAuth interception attacks and generate insecure, repeated authentication and API key checks in the database.

The vulnerability of the caddy-security authentication plugin is related to the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to execute an OAuth hijacking attack and generate insecure, repeated authentication and API key checks in the database...

The vulnerability of Intel Quartus Prime Pro automated design systems for Linux, related to the use of insufficiently random values, allows a hacker to gain unauthorized access to protected information.

The vulnerability of Intel Quartus Prime Pro, a automated design system for Linux, is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

Design/Logic Flaw

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

CVE-2022-23138

The CVE-2022-23138 entry concerns ZTE MF297D devices with a cryptographic weakness caused by the use of weak random values. The vulnerability may reduce device security and expose risk of attack. Connected records corroborate a cryptographic issue affecting MF297D, with Red Hat and NVD references...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...

The vulnerability of the VMware InstallBuilder development and automatic installer tool for Windows operating systems arises from the use of insufficiently random values. This allows a malicious individual to exploit their privileges.

The vulnerability of the VMware InstallBuilder tool for developing and automating installer installations on Windows operating systems is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to gain increased privileges...

Default credentials

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack...