Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Cloudreve is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the generation of security-sensitive secrets using math/rand seeded with predictable timestamps, which allows an attacker to recover the secret key, forge JWTs, and gain...

EUVD-2026-30666

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

UBUNTU-CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8700

CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-46474

CVE-2026-46474 affects the Perl module Trog::TOTP prior to version 1.006. The vulnerability arises because secrets are generated with Perl’s built-in rand(), which is predictable and unsuitable for security use. The NVD entry documents the issue and its high impact (Confidentiality: High; Integri...

CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-42155

Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVE-2026-8503

A flaw was found in Apache::Session::Generate::SHA256 within perl-Apache-Session-Browseable. The session ID generator uses predictable, low-entropy sources such as the rand function, epoch time, and process ID PID to create session identifiers. This weakness allows a remote attacker to predict...

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

EUVD-2026-30536

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

PT-2026-41294

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

PT-2026-41376

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Seeds are generated using the built-in rand function in Perl, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.20 or later...

CVE-2026-3290

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

CVE-2026-3290

CVE-2026-3290 affects the HRNG in the RS9116. When power-save mode is enabled, timing limitations produce predictable random values, as described in the connected records. The CVSS 4.0 vector indicates high impact on confidentiality and integrity with adjacent access and no privileges, and passiv...

EUVD-2026-30381

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...