
22 matches found

CVE
added 2026/05/15 5:41 p.m. | 7 views

CVE-2026-46474

CVE-2026-46474 affects the Perl module Trog::TOTP prior to version 1.006. The vulnerability arises because secrets are generated with Perl’s built-in rand(), which is predictable and unsuitable for security use. The NVD entry documents the issue and its high impact (Confidentiality: High; Integri...

7.5 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/05/11 5:54 a.m. | 3 views

CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache mod_unique_id plugin's UNIQUE_ID environment variable directly as a session ID. The UNIQUE_ID is constructed from easily guessable information, such as the...

9.1 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits 0 | References 5

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in php7.3

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failures. Additionally, the range of values used by the random generator was narrower than necessary. In the event of a random...

4.3 CVSS | 6.2 AI score | 0.00316 EPSS
Exploits 0 | References 2

CNNVD
added 2026/02/27 12:0 a.m. | 3 views

Crypt::SysRandom::XS security vulnerability

Crypt::SysRandom::XS is a Perl library by the individual developer LEONT, designed for generating encrypted random numbers. Versions of Crypt::SysRandom::XS prior to 0.010 contained security vulnerabilities. These vulnerabilities stemmed from the XS function random_bytes, which did not...

7.5 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits 0 | References 2

OSV
added 2025/11/12 9:32 p.m. | 5 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9 CVSS | 7.3 AI score | 0.00016 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-0767

Malware in sbrugna...

8.1 CVSS | 8.1 AI score | 0.00339 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/07/16 6:8 p.m. | 3 views

CVE-2025-40923

A random session id generation flaw has been discovered in Plack-Middleware-Session. By default, session ids are generated by a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed if it is...

7.3 CVSS | 7.2 AI score | 0.00535 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 10:25 a.m. | 3 views

CVE-2019-10755

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...

4.9 CVSS | 6.8 AI score | 0.00312 EPSS
Exploits 0 | References 1

OSV
added 2024/10/14 7:15 p.m. | 0 views

CVE-2023-48082

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...

9.1 CVSS | 5.8 AI score | 0.01145 EPSS
Exploits 0 | References 1

Veracode
added 2024/09/26 7:10 a.m. | 5 views

Weak Random String Generation

org.apache.linkis, linkis-engineplugin-spark is vulnerable to weak random string generation. The vulnerability is due to insecure random string generation via Commons Lang's RandomStringUtils, which allows an attacker to predict the generated token, potentially enabling unauthorized access or...

7.5 CVSS | 6.7 AI score | 0.00157 EPSS
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2024/06/07 8:37 p.m. | 8 views

ZendFramework Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate...

6.6 AI score
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/06/07 8:37 p.m. | 7 views

GHSA-2FHR-8R8R-QP56 ZendFramework Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate...

5.3 CVSS | 6.6 AI score
Exploits 0 | References 4

OSV
added 2023/05/25 9:55 p.m. | 19 views

CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator i...

5.9 CVSS | 7 AI score | 0.00103 EPSS
Exploits 0 | References 7

OSV
added 2023/04/19 9:30 p.m. | 4 views

GHSA-R4XG-4WRV-W72H Duplicate Advisory: Lemur subject to insecure random generation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references. Original Description: Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The...

7.5 CVSS | 7.6 AI score | 0.00339 EPSS
Exploits 0 | References 5

Vulnrichment
added 2023/04/19 7:10 p.m. | 9 views

CVE-2023-30797 Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...

7.5 CVSS | 7.4 AI score | 0.00339 EPSS
Exploits 0 | References 4

Github Security Blog
added 2023/03/01 6:5 p.m. | 27 views

Lemur subject to insecure random generation

Overview: Lemur was using insecure random generation for its example configuration file, as well as for some utilities. Impact: The potentially affected generated items include: | Configuration item | Config option name if applicable | Documentation link if applicable | Rotation option | Code...

7.5 CVSS | 1.6 AI score | 0.00339 EPSS
Exploits 0 | References 8 | Affected Software 1

Code423n4
added 2021/04/30 12:0 a.m. | 9 views

nonce always remains 0

Handle: paulius.eth. Vulnerability details. Impact: a nonce is not actually incremented: nonce.add(1); the new value is not assigned to the variable, so nonce always remains 0 and has no impact on random generation. Recommended Mitigation Steps: Should be: nonce = nonce.add(1); --- The text was updated...

7 AI score
Exploits 0

Code423n4
added 2021/04/30 12:0 a.m. | 6 views

randomIndex is not truly random - possibility of predictably minting a specific token Id

Handle: @GalloDaSballo. Vulnerability details. Impact: Detailed description of the impact of this finding. randomIndex: Is not random. Any miner has access to these values: uint index = uint(keccak256(abi.encodePacked(nonce, msg.sender, block.difficulty, block.timestamp))) % totalSize; Non miner attackers...

7 AI score
Exploits 0

Veracode
added 2018/07/10 7:42 a.m. | 22 views

Insecure Random Number Generation

cryptiles is vulnerable to insecure random number generation. The application uses the randomDigits method which does not have sufficient entropy to be securely random, allowing an attacker to gain access through a brute-force attack...

9.8 CVSS | 9.3 AI score | 0.00274 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2017/12/22 11:0 p.m. | 60 views

CVE-2017-17845

CVE-2017-17845 affects Enigmail (Thunderbird extension) before 1.9.9. The issue is improper random secret generation because Math.Random() is used by pretty Easy privacy (pEp). Impact: potential confidentiality/integrity/availability concerns as per CVSS metrics (base score 7.3–7.5, HIGH). Affect...

7.5 CVSS | 7.2 AI score | 0.00508 EPSS
Exploits 0 | References 5 | Affected Software 1