PT-2026-42270

Name of the Vulnerable Software and Affected Versions Crypt::SaltedHash versions prior to 0.10 Description Crypt::SaltedHash for Perl generates insecure random values for salts because it utilizes the built-in rand function, which is predictable and unsuitable for cryptographic purposes...

CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic. CVE-2025-14505 The vulnerability have been addressed Vulnerability Details CVEID:CVE-2025-14505 DESCRIPTION: The ECDSA implementation of the Elliptic package generates incorrect signatures if a...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

EUVD-2026-17531

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

EUVD-2025-209033

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

Jervis 安全漏洞

Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of AES IV from passwords, which could lead to cryptographic vulnerabilities...

EUVD-2025-20617

Malicious code in bioql PyPI...

EUVD-2025-28817

Malicious code in bioql PyPI...

Liferay DXP Missing Critical Step in Authentication

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

CVE-2025-9828

The CVE-2025-9828 entry concerns Tenda CP6 v11.10.00.243, where the uhttp component’s function sub_2B7D04 can be manipulated to trigger a risky cryptographic algorithm. The issue is exploitable remotely, with high complexity and no user interaction required. Multiple connected sources corroborate...