CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

EUVD-2025-21702

Malicious code in bioql PyPI...

EUVD-2025-21696

Malicious code in bioql PyPI...

Amazon Linux 2 : perl-Authen-SASL (ALAS-2025-2967)

The version of perl-Authen-SASL installed on the remote host is prior to 2.15-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2967 advisory. Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client non...

FreeBSD : p5-Authen-SASL -- Insecure source of randomness (defe9a20-781e-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the defe9a20-781e-11f0-97c4-40b034429ecf advisory. p5-Authen-SASL project reports: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

CVE-2025-40919

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

CVE-2025-40918

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...