EUVD-2026-26369

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

EUVD-2026-21885

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

CVE-2025-40925

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

EUVD-2023-36793

Malicious code in bioql PyPI...

EUVD-2025-23880

Malicious code in bioql PyPI...

EUVD-2025-21775

Malicious code in bioql PyPI...

CVE-2025-5305

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

PT-2025-38299

Name of the Vulnerable Software and Affected Versions Password Reset with Code for WordPress REST API plugin versions prior to 0.0.17 Description The plugin does not employ cryptographically secure algorithms for generating One-Time Password OTP codes, which could allow for account takeovers...

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

UBUNTU-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

SUSE CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

CVE-2025-40919

The CVE-2025-40919 entry concerns Authen::DigestMD5 for Perl, affecting versions 0.01–0.02. The vulnerability stems from generating the cnonce with an MD5 hash of the PID, epoch time, and Perl’s rand(), which can yield low-entropy values (PID from a small set and potentially guessable epoch time)...

CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVE-2023-32549

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...

Cross-Site Request Forgery (CSRF)

github.com/dinever/golf is vulnerable to cross-site request forgery CSRF. The vulnerability is due to a lack of cryptographically secure random numbers used in CSRF tokens generation resulting in the values being predicted relatively easily, resulting in CSRF bypass...