CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

EUVD•added 2026/05/26 10:53 p.m.•11 views

EUVD-2026-32022

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00222EPSS

Exploits0References2

ATTACKERKB•added 2026/05/26 10:53 p.m.•7 views

CVE-2026-8647

5.8AI score0.00222EPSS

Exploits0References3

Cvelist•added 2026/05/26 10:53 p.m.•29 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

0.00222EPSS

Exploits0References2

Positive Technologies•added 2026/05/26 12:0 a.m.•13 views

PT-2026-43430

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00222EPSS

Exploits0References5

Tenable Nessus•added 2026/04/27 12:0 a.m.•6 views

Debian dla-4551 : libmbedcrypto3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4551 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected]...

6.7CVSS5.7AI score0.0024EPSS

Exploits0References6

Cvelist•added 2026/03/31 10:4 a.m.•21 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

0.00328EPSS

Exploits0References2

Debian CVE•added 2026/02/26 11:33 p.m.•4 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.3AI score0.002EPSS

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-4083

Malware in sbrugna...

6.4CVSS6.1AI score0.0228EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•30 views

EUVD-2020-0493

Malware in sbrugna...

9.8CVSS9.3AI score0.03673EPSS

Exploits1References19

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-18132

Malicious code in bioql PyPI...

7CVSS6.6AI score0.00242EPSS

Exploits0References3

Tenable Nessus•added 2025/08/24 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2018-25107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits. CVE-2018-25107...

7.5CVSS5.5AI score0.00407EPSS

Exploits0References2

CVE•added 2025/06/16 11:1 a.m.•31 views

CVE-2025-40916

The CVE-2025-40916 entry concerns Mojolicious::Plugin::CaptchaPNG (Perl) v1.05, which uses the built-in rand() for captcha text and image noise, constituting a weak random number source. This root cause is explicitly stated across multiple sources (Red Hat, NVD, CVE lists). Impact is described as...

9.1CVSS6.6AI score0.00332EPSS

Exploits0References4

CNNVD•added 2025/06/16 12:0 a.m.•2 views

Mojolicious::Plugin::CaptchaPNG 安全漏洞

Mojolicious::Plugin::CaptchaPNG is a captcha plugin from the metaCPAN Foundation. A security vulnerability exists in Mojolicious::Plugin::CaptchaPNG version 1.05, which stems from the use of a weak random number source to generate CAPTCHAs...

9.1CVSS6.7AI score0.00332EPSS

Exploits0References5

NVD•added 2025/06/11 5:15 p.m.•8 views

CVE-2025-40915

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...

7CVSS0.00242EPSS

Exploits0References2

Positive Technologies•added 2025/06/11 12:0 a.m.•3 views

PT-2025-25230 · Unknown · Mojolicious::Plugin::Csrf

Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CSRF version 1.03 Description: The issue concerns a weak random number source used for generating CSRF tokens. Specifically, the tokens are generated as an MD5 of the process id, the current time, and a single call to the...

7CVSS6.1AI score0.00242EPSS

Exploits0References7

RedhatCVE•added 2025/05/22 4:41 a.m.•7 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5CVSS6.8AI score0.00407EPSS

Exploits0References1

CNNVD•added 2025/03/10 12:0 a.m.•1 views

Crypt::Random::Source 安全特征问题漏洞

Crypt::Random::Source is a library from the personal developer Karen Etheridge. A security signature issue vulnerability exists in Crypt::Random::Source versions 1.05 through 1.55, which stems from a cryptographic operation using an insecure rand function...

8.8CVSS6.7AI score0.00376EPSS

Exploits0References4

NVD•added 2024/12/29 7:15 a.m.•41 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5CVSS0.00407EPSS

Exploits0References2