PT-2026-29586

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

GHSA-35CQ-WV6V-88XF Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider...

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

[SECURITY] Fedora 44 Update: rust-1.94.1-1.fc44

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

InvoiceShelf 代码问题漏洞

InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the payment receipt PDF generation module, which could lead...

nuxt-og-image 跨站脚本漏洞

nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image prior to version 6.2.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the image generation component, which allowed arbitrary attribut...

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

CVE-2026-30308

CVE-2026-30308 affects HAI Build Code Generator's automatic terminal command execution feature. The tool offers two options: Execute safe commands or Execute all commands. The root cause is prompt-injection-based bypass: an attacker can wrap a malicious command in a generic template and mislead t...

SUSE: Security Advisory (SUSE-SU-2026:1090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...