CVE-2026-46474
CVE-2026-46474 affects the Perl module Trog::TOTP prior to version 1.006. The vulnerability arises because secrets are generated with Perl’s built-in rand(), which is predictable and unsuitable for security use. The NVD entry documents the issue and its high impact (Confidentiality: High; Integri...
EUVD-2026-30577
Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...
CVE-2026-42898
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network...
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000). An attacker who...
USN-8152-1: Linux kernel (OEM) vulnerabilities
It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...
MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751). Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...
CVE-2025-11837 Malware Remover
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...
CVE-2025-67504
WBCE CMS is a content management system. Versions 1.6.4 and below use the function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...
UBUNTU-CVE-2025-13402
RNP PKESK Session Keys Generated as All-Zero...
CVE-2025-13402
Removed by vendor...
PT-2025-45604
Name of the Vulnerable Software and Affected Versions: Jumo variTRON300 (affected versions not specified). Description: A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...
Jumo variTRON300 Security Feature Issue Vulnerability
Jumo variTRON300 is an automation system from China-based Jumo Automation (Jumo). The Jumo variTRON300 suffers from a security signature issue vulnerability that stems from a flaw in the password generation algorithm, which could allow an unauthenticated, local attacker to obtain the password via...
PT-2025-43243
Name of the Vulnerable Software and Affected Versions: WP Last Modified Info versions through 1.9.2. Description: A flaw exists in WP Last Modified Info that allows for Remote Code Inclusion due to improper control of code generation. This issue allows an attacker to inject code remotely...
PT-2025-43155
Name of the Vulnerable Software and Affected Versions: jurajpuchky Fix Multiple Redirects versions through 1.2.3. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious...
EUVD-2018-11913
Malware in sbrugna...
EUVD-2015-8503
Malware in sbrugna...
EUVD-2019-5861
Malware in sbrugna...
EUVD-2000-0802
Malware in sbrugna...
EUVD-2025-26057
Malicious code in bioql PyPI...
EUVD-2024-52851
Malicious code in bioql PyPI...