1235 matches found
CVE-2026-25726
CVE-2026-25726 (Cloudreve) : Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2025-15604
Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...
CVE-2025-15604
Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...
CVE-2026-3256
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...
PT-2026-28276
Name of the Vulnerable Software and Affected Versions Amon2 versions prior to 6.17 Description Amon2 for Perl utilizes an insecure random string implementation in its security functions. Versions 6.06 through 6.16 attempt to use /dev/urandom, but fall back to a SHA-1 hash seeded with the built-in...
USN-8094-2: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...
Security Bulletin: Multiple vulnerabilities in QRadar Suite Software
Summary Multiple vulnerabilities were addressed in IBM Security QRadar Suite Software version 1.11.9.0 Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose...
[SECURITY] Fedora 42 Update: perl-Crypt-SysRandom-XS-0.011-1.fc42
This module uses whatever C interface is available to procure cryptographically random data from the system...
EUVD-2025-208452
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603 open-webui JWT Key start_windows.bat random values
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603 open-webui JWT Key start_windows.bat random values
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...
CVE-2025-15603
The CVE affects open-webui up to 0.6.16, specifically the JWT Key Handler’s file backend/start_windows.bat. Manipulating the WEBUI_SECRET_KEY can produce insufficiently random values, enabling a remote attack. Exploitability is rated high complexity with no authentication required; impact shown a...
Open WebUI 安全特征问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI with open-source code. Versions of Open WebUI prior to 0.6.16 have a security vulnerability related to the parameter WEBUISECRETKEY, where insufficient randomness was present in the handling of this parameter...
[SECURITY] Fedora 44 Update: perl-Crypt-URandom-0.55-1.fc44
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...