Insecure Randomness
Formidable is vulnerable to Insecure Randomness. The vulnerability stems from weak randomness caused by the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...
CVE-2024-58135
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
Mojolicious Security Vulnerability
Mojolicious is an open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of an insecure rand function to generate weak HMAC session keys, which could lead to brute-force breaking of session keys...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1. Vulnerability Details: CVEID: CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...
CVE-2025-3923
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...
CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...
Insecure Randomness
Overview: Affected versions of this package are vulnerable to Insecure Randomness due to its use of the hexoid function in the generation of fingerprint IDs. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, Vulnerability Report. Credit: ZAST.AI...
Delta Electronics COMMGR Security Vulnerability
Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...
CLSA-2025-1744719966 Fix CVE(s): CVE-2020-10729
SECURITY UPDATE: insufficiently random password generation vulnerability - debian/patches/CVE-2020-10729.patch: Fix issue with caching Jinja2 expressions, only cache results of single variable names - CVE-2020-10729...
PT-2025-16552 · Delta Electronics · Commgr
Name of the Vulnerable Software and Affected Versions: Delta Electronics COMMGR versions 1 through 2 Description: The issue is related to insufficiently randomized values used to generate session IDs, which could allow an attacker to brute force a session ID and potentially load and execute...
UBUNTU-CVE-2024-57868
Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...
MetaCPAN WebService::Xero Security Vulnerability
MetaCPAN WebService::Xero is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN WebService::Xero version 0.11 and earlier that stems from the use of an insecure random number generator...
PT-2025-15066 · Unknown +1 · Amon2::Auth::Site::Line +2
Name of the Vulnerable Software and Affected Versions: Amon2::Auth::Site::LINE versions up to 0.04 Description: The issue concerns the use of a predictable random number generator. Amon2::Auth::Site::LINE utilizes the String::Random module to generate nonce values, which defaults to Perl's built-...
MetaCPAN Web::API Security Vulnerability
MetaCPAN Web::API is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Web::API version 2.8 and earlier that stems from the use of an insecure random number generator...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to the use of insufficiently random values in Golang (CVE-2022-30629)
Summary: Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30629. Vulnerability Details: CVEID: CVE-2022-30629 DESCRIPTION:...
MetaCPAN Crypt::Salt Security Feature Issue Vulnerability
MetaCPAN Crypt::Salt is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Crypt::Salt version 0.01, which stems from the use of an insecure rand function when generating cryptographic salts...
PT-2025-14484 · Unknown · Crypt::Salt
Name of the Vulnerable Software and Affected Versions: Crypt::Salt for Perl version 0.01 Description: The issue concerns the use of an insecure rand function when generating salts for cryptographic purposes. This could potentially lead to weaknesses in the cryptographic mechanisms that rely on...
MetaCPAN DBIx::Class::EncodedColumn Security Vulnerability
MetaCPAN DBIx::Class::EncodedColumn is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN DBIx::Class::EncodedColumn versions prior to 0.00032, which stems from the use of a non-cryptographically secure rand function for password hash salting...
CVE-2021-26091
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...