EUVD-2018-0553

Malware in sbrugna...

EUVD-2018-4926

Malware in sbrugna...

EUVD-2018-9708

Malware in sbrugna...

EUVD-2025-30364

Malicious code in bioql PyPI...

MetaCPAN Crypt::RandomEncryption 安全漏洞

MetaCPAN Crypt::RandomEncryption is a Perl library from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Crypt::RandomEncryption version 0.01, which stems from the use of an insecure rand function for encryption, which may result in insufficient encryption strength...

CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...

CVE-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch...

PT-2025-38638

Name of the Vulnerable Software and Affected Versions Starch versions 0.14 and earlier Description Starch generates session IDs insecurely. The default session ID generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference...

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...

PT-2025-38160

Name of the Vulnerable Software and Affected Versions: Apache::AuthAny::Cookie versions 0.201 and earlier Description: The software generates session IDs insecurely using an MD5 hash of the epoch time and the rand function. The epoch time may be guessable if not concealed by the HTTP Date header,...

Usage of unsafe random function in form-data for choosing boundary

...

Moderate: Red Hat Security Advisory: Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0 This update has a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section Kiali 2.4.8, for Red H...

FreeBSD : p5-Authen-SASL -- Insecure source of randomness (defe9a20-781e-11f0-97c4-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the defe9a20-781e-11f0-97c4-40b034429ecf advisory. p5-Authen-SASL project reports: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

UBUNTU-CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to u...