Lucene search
K

372 matches found

CVE
CVE
added 2026/05/21 6:53 p.m.21 views

CVE-2026-46473

Summary of CVE-2026-46473 : The issue affects the Perl module Authen::TOTP prior to version 0.1.1, where secrets are generated using Perl’s built‑in rand() function. This makes secret values predictable, undermining security for TOTP-based authentication. The practical impact is limited to implem...

7.5CVSS5.8AI score0.00416EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 12:30 a.m.14 views

EUVD-2026-31198

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.8AI score0.00397EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Authen::TOTP 安全特征问题漏洞

Authen::TOTP is a two-factor authentication OTP generation and verification tool developed by tchatzi’s developer. Prior to version 0.1.1 of Authen::TOTP, there were security vulnerabilities related to the use of the Perl built-in rand function for generating secrets. This function is predictable...

7.5CVSS5.8AI score0.00416EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 10:16 p.m.8 views

DEBIAN-CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 10:8 p.m.31 views

CVE-2026-47372

CVE-2026-47372 affects Crypt::SaltedHash for Perl up to version 0.09, where salts are generated using the built-in rand function. This produces insecure, predictable randomness, compromising cryptographic strength. Multiple sources (SUSE, ENISA EUVD, NVD, Debian tracker, CVE lists) describe the s...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 10:8 p.m.8 views

CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.8AI score0.00397EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/20 10:8 p.m.8 views

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

9.1CVSS5.8AI score0.00397EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

perl-Crypt-SaltedHash 安全特征问题漏洞

perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in rand function to generate insecure random salt values. This function...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42270

Name of the Vulnerable Software and Affected Versions Crypt::SaltedHash versions prior to 0.10 Description Crypt::SaltedHash for Perl generates insecure random values for salts because it utilizes the built-in rand function, which is predictable and unsuitable for cryptographic purposes...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2026/05/18 7:59 p.m.16 views

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.5CVSS5.8AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 5:31 p.m.11 views

CVE-2026-8700

A flaw was found in perl-Crypt-DSA. This vulnerability occurs because the software generates cryptographic seeds using Perl's built-in rand function, which is predictable and unsuitable for security-sensitive operations. An attacker could potentially leverage this predictability to weaken the...

7.3CVSS5.7AI score0.00355EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-8700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitabl...

7.3CVSS5.4AI score0.00355EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 10:16 p.m.19 views

CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.3CVSS0.00355EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 10:16 p.m.8 views

UBUNTU-CVE-2026-8700

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

7.3CVSS5.8AI score0.00355EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/15 10:10 p.m.7 views

CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 10:10 p.m.42 views

CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 5:41 p.m.52 views

CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

0.00316EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 11:6 a.m.9 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41376

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Seeds are generated using the built-in rand function in Perl, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.20 or later...

7.3CVSS5.8AI score0.00355EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/11 9:31 p.m.9 views

EUVD-2026-29199

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was...

5.8AI score0.00174EPSS
Exploits0References3
Rows per page
Query Builder