CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

PT-2025-15066 · Unknown +1 · Amon2::Auth::Site::Line +2

Name of the Vulnerable Software and Affected Versions: Amon2::Auth::Site::LINE versions up to 0.04 Description: The issue concerns the use of a predictable random number generator. Amon2::Auth::Site::LINE utilizes the String::Random module to generate nonce values, which defaults to Perl's built-...

MetaCPAN DBIx::Class::EncodedColumn 安全漏洞

MetaCPAN DBIx::Class::EncodedColumn is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN DBIx::Class::EncodedColumn versions prior to 0.00032, which stems from the use of a non-cryptographically secure rand function for password hash salting...

c-ares: Insufficient randomness in generation of DNS query IDs

A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...