Lucene search
+L

6 matches found

NVD
NVD
added 8 hours ago7 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/30 11:5 a.m.33 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 11:43 p.m.3 views

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

8.7CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/02/09 7:0 p.m.3 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

9.8CVSS5.6AI score0.00471EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/22 7:41 p.m.13 views

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

5.9CVSS6.8AI score0.00182EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/25 2:15 a.m.6 views

CVE-2021-45484

In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG...

7.5CVSS5.8AI score0.00964EPSS
Exploits0References2
Rows per page
Query Builder