CVE-2025-66630

Fiber is a Go web framework. Before 2.52.11 and on Go

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...

PT-2026-7122

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.11 Fiber versions prior to 2.52.11 running on Go versions prior to 1.24 Description The Fiber framework, an Express-inspired web framework written in Go, is susceptible to generating predictable identifiers when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-form-data (UTSA-2026-005212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005212 advisory. Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

CVE-2025-59103

The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users...

EUVD-2025-206329

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

GHSA-RJR4-V43M-PXQ6 Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

EUVD-2026-4159

Triton VM Soundness Vulnerability due to Improper Sampling of Randomness...

Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

MiracleLinux 9 : skopeo-1.11.2-0.1.el9 (AXSA:2023-5634:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5634:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session tickets lack random...

MiracleLinux 8 : nodejs:18 (AXSA:2023-6227:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6227:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 8 : nodejs:16 (AXSA:2023-6226:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6226:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

MiracleLinux 8 : [security - high] nodejs:16 (AXSA:2022-3898:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3898:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 8 : nodejs:18 (AXSA:2022-4480:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4480:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

MiracleLinux 8 : samba-4.17.5-2.el8 (AXSA:2023-5985:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5985:08 advisory. samba: GnuTLS gnutlsrnd can fail and give predictable random values CVE-2022-1615 Tenable has extracted the preceding description block directly from the...