Monthly
Mbed TLS before version 3.6.6 and TF-PSA-Crypto before version 1.1.0 contain a PRNG seed misuse vulnerability that enables information disclosure. An attacker who gains access to a seeded PRNG instance can potentially predict or replicate pseudo-random number generation, compromising cryptographic material confidentiality. The vulnerability affects cryptographic libraries used in embedded systems and IoT devices, with confirmed availability of vendor security advisories but no CVSS score assigned at time of analysis.
CVE-2026-3503 is a security vulnerability (CVSS 4.3) that allows a physical attacker. Remediation should follow standard vulnerability management procedures.
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mbed TLS before version 3.6.6 and TF-PSA-Crypto before version 1.1.0 contain a PRNG seed misuse vulnerability that enables information disclosure. An attacker who gains access to a seeded PRNG instance can potentially predict or replicate pseudo-random number generation, compromising cryptographic material confidentiality. The vulnerability affects cryptographic libraries used in embedded systems and IoT devices, with confirmed availability of vendor security advisories but no CVSS score assigned at time of analysis.
CVE-2026-3503 is a security vulnerability (CVSS 4.3) that allows a physical attacker. Remediation should follow standard vulnerability management procedures.
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.