Locutus security vulnerabilities
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.0 contained security vulnerabilities, which stemmed from insecure implementations of the call_user_func_array function, potentially allowing remote code execution...
EUVD-2021-10244
Malware in sbrugna...
EUVD-2025-9547
Malicious code in bioql PyPI...
EUVD-2025-23888
Malicious code in bioql PyPI...
EUVD-2022-47001
Malicious code in bioql PyPI...
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews' custom function in '/apivedo/colorwayspreview', ultimately resulting in remote code execution (RCE)...
CVE-2025-40916
The CVE-2025-40916 entry concerns Mojolicious::Plugin::CaptchaPNG (Perl) v1.05, which uses the built-in rand() for captcha text and image noise, constituting a weak random number source. This root cause is explicitly stated across multiple sources (Red Hat, NVD, CVE lists). Impact is described as...
CVE-2024-52322 WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions
WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...
CVE-2024-58036 Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions
Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...
CVE-2024-57868 Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions
Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...
CVE-2025-1805
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
Crypt::Salt for Perl version 0.01 uses insecure rand function when generating salts for cryptographic purposes...
CVE-2025-1860
Data::Entropy for Perl 0.007 and earlier uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with the program file Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2024-8238
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-8616
CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...
CVE-2025-1828
CVE-2025-1828 affects the Crypt::Random Perl package versions 1.05 through 1.55. The vulnerability arises because cryptographic functions may use the non-cryptographically strong rand() function when a provider is not specified and /dev/urandom or an Entropy Gathering Daemon is unavailable; Crypt...
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use the rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available, Crypt::Random will default to use the...
CVE-2025-27506 NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting. The flaw occurs due to...