EUVD-2026-37926

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

SUSE CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

EUVD-2026-36456

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

PT-2026-48920

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Crypt::PBKDF2 for Perl generates insecure random values for salts. This occurs because the software utilizes the built-in rand function, which is predictable and unsuitable for cryptographic...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS : tgt vulnerability (USN-8325-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8325-1 advisory. It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could...

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...

CVE-2026-46473

Summary of CVE-2026-46473 : The issue affects the Perl module Authen::TOTP prior to version 0.1.1, where secrets are generated using Perl’s built‑in rand() function. This makes secret values predictable, undermining security for TOTP-based authentication. The practical impact is limited to implem...

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

EUVD-2026-31198

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

Authen::TOTP 安全特征问题漏洞

Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...