CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Cloudreve is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the generation of security-sensitive secrets using math/rand seeded with predictable timestamps, which allows an attacker to recover the secret key, forge JWTs, and gain...

JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

JLSEC-2026-465 Mbed TLS may use a low entropy PRNG seed

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the start function. An attacker can gain unauthorized access to active...

Spring Boot's random value property source uses a weak PRNG unsuitable for secrets

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

VMware Spring Boot 安全特征问题漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.5, 3.5.0 to 3.5.13, 3.4.0 to 3.4.15, 3.3.0 to 3.3.18, and 2.7.0 to 2.7.32 of VMware Spring Boot. These vulnerabilities stem from the use of random...

SUSE CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

CVE-2026-41564

CVE-2026-41564 concerns CryptX for Perl before 0.088, where per-object PRNG state seeded in Crypt::PK::* constructors is not reseeded after fork. A Crypt::PK::* object created before a fork can be inherited by multiple child processes with byte-identical PRNG state, enabling identical outputs in ...

CVE-2026-41564 CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

Linux Distros Unpatched Vulnerability : CVE-2026-41564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC,...

SUSE CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

EUVD-2026-18001

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

DEBIAN-CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...