CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 days ago•10 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS0.00317EPSS

Debian CVE•added 5 days ago•6 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00317EPSS

Exploits0

Cvelist•added 5 days ago•25 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

0.00317EPSS

Positive Technologies•added 5 days ago•5 views

PT-2026-48920

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Crypt::PBKDF2 for Perl generates insecure random values for salts. This occurs because the software utilizes the built-in rand function, which is predictable and unsuitable for cryptographic...

7.5CVSS5.2AI score0.00317EPSS

Exploits0References9

OSV•added 2026/06/06 5:36 a.m.•15 views

MGASA-2026-0176 Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand function for salting password hashes in Digest.pm CVE-2025-27551 DBIx::Class::EncodedColumn until 0.00032 for Perl uses...

4CVSS5.5AI score0.00103EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:49 p.m.•6 views

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

9.1CVSS5.4AI score0.00397EPSS

Exploits0References1

RedhatCVE•added 2026/06/04 12:13 a.m.•8 views

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

4.8CVSS5.6AI score0.00222EPSS

NVD•added 2026/05/26 11:16 p.m.•12 views

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

4.8CVSS0.00222EPSS

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

Insecure Randomness

Insecure Randomness

Insecure Randomness

Cvelist•added 2026/05/26 10:53 p.m.•27 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

0.00222EPSS

CVE•added 2026/05/26 10:53 p.m.•12 views

CVE-2026-8647

CVE-2026-8647 affects Crypt::ScryptKDF for Perl up to version 0.010. When no CSPRNG module is available, the random_bytes path falls back to Perl's built-in rand(), enabling insecure randomness in key derivation. The issue arises if Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random,...

4.8CVSS5.8AI score0.00222EPSS

Vulnrichment•added 2026/05/26 10:53 p.m.•9 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

5.8AI score0.00222EPSS

Snyk•added 2026/05/21 9:49 p.m.•9 views

Insecure Randomness

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/05/21 9:49 p.m.•9 views

Insecure Randomness

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/05/21 9:49 p.m.•10 views

Insecure Randomness

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/05/21 9:49 p.m.•9 views

Insecure Randomness

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...