CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

Fedora 44 : perl-Crypt-PasswdMD5 (2026-30d86fe986)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-30d86fe986 advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

[SECURITY] Fedora 42 Update: perl-Crypt-SysRandom-XS-0.011-1.fc42

This module uses whatever C interface is available to procure cryptographically random data from the system...

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

PT-2026-21579

Name of the Vulnerable Software and Affected Versions Smolder versions through 1.51 Description Smolder for Perl versions through 1.51 utilizes an insecure rand function for cryptographic operations. Specifically, Smolder::DB::Developer employs the Data::Random library, which relies on the rand...

GO-2026-4471 Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber

Fiber has an insecure fallback in utils.UUIDv4 / utils.UUID — predictable / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber...

AI-generated passwords are a security risk

Using Artificial Intelligence AI to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords words, phrases, patterns with automated tools until one ...

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

CVE-2025-67504

CVE-2025-67504 affects WBCE CMS (versions 1.6.4 and earlier). The root cause is the use of GenerateRandomPassword() which relies on PHP’s rand(), a non-cryptographically secure RNG. This weakness can allow generated password sequences to be predicted or brute-forced, potentially enabling user acc...

CVE-2025-66565

Fiber Utils (github.com/gofiber/utils) has a vulnerability in UUIDv4() and UUID() where crypto/rand.Read() failures trigger silent fallbacks to predictable UUID values, including the zero UUID 00000000-0000-0000-0000-000000000000. This root cause affects versions up to 2.0.0-rc.3; the issue is fi...

CVE-2025-66565 Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not ensuring that setent is always present, which could lead to problems with cryptographic random number...

Linux Distros Unpatched Vulnerability : CVE-2019-9898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. CVE-2019-9898 Note that Nessus relies on the presence of the package...

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

Joint Data Hiding and Partial Encryption of Compressive Sensed Streams

The paper proposes a method to secure the Compressive Sensing CS streams. It consists in protecting part of the measurements by a secret key and inserting the code into the rest. The secret key is generated via a cryptographically secure pseudo-random number generator CSPRNG and XORed with the...

CVE-2022-23472

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

PT-2025-15066 · Unknown +1 · Amon2::Auth::Site::Line +2

Name of the Vulnerable Software and Affected Versions: Amon2::Auth::Site::LINE versions up to 0.04 Description: The issue concerns the use of a predictable random number generator. Amon2::Auth::Site::LINE utilizes the String::Random module to generate nonce values, which defaults to Perl's built-...