EUVD-2026-31332

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

Authen::TOTP 安全特征问题漏洞

Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...

CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

EUVD-2026-30577

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

Trog::TOTP 安全特征问题漏洞

Trog::TOTP is a Perl module developed by TEODESIAN’s individual developers, which supports time-based one-time password generation and two-factor authentication. Versions of Trog::TOTP prior to 1.006 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Pe...

CVE-2026-41317 Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS.press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...

CVE-2026-41317

The CVE concerns Press, a Frappe-based app, where the API endpoint press.api.account.create_api_secret is vulnerable to CSRF-like exploits. The issue stems from the endpoint accepting unsafe HTTP methods (GET) and writing to the database, enabling unauthorized actions without user interaction. A ...

GHSA-C8M8-3JCR-6RJ5 FUXA has a hardcoded fallback JWT signing secret

FUXA used a static fallback JWT signing secret frangoteam751 when no secretCode was configured. If authentication was enabled without explicitly setting a custom secret, an attacker who knew the default value could forge valid JWT tokens and bypass authentication. This issue has been addressed in...

OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback

Vulnerability OpenClaw reused gateway.auth.token and gateway.remote.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay=hash and commands.ownerDisplaySecret was unset. This created secret dual-use between gateway authentication and prompt metadata hashing...

EUVD-2017-8992

Malware in sbrugna...

AZL-61822 CVE-2024-58135 affecting package perl-Mojolicious 8.57-3

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

SUSE CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy pEp, aka TBE-01-001...

Insecure Random Number Generator

yapi-vendor uses an insecure random number generator. The JSON Web Token JWT signing secret generation allows recreation of other users' JWT tokens due to the usage of an insecure random number generator Math.random...

Code injection

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used...

CVE-2020-14423

Convos (Nordaaker Convos) before version 4.20 uses an insecure random secret in Core/Settings.pm and Util.pm, leading to a predictable CONVOS_LOCAL_SECRET that affects password resets and invitations. Affected: Convos prior to 4.20. Root cause: improper randomness in secret generation. Impact: pa...

Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy pEp, aka TBE-01-001...

DEBIAN-CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy pEp, aka TBE-01-001...