Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

EUVD-2026-17531

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

CVE-2026-5087

CVE-2026-5087 affects PAGI::Middleware::Session::Store::Cookie for Perl, versions up to 0.001003. The root cause is that the store reads random bytes directly from /dev/urandom; if that device is unavailable (e.g., on Windows), it issues a warning and falls back to using the built-in rand() funct...

EUVD-2025-209143

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

PT-2026-29290

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...

PT-2026-29217

Name of the Vulnerable Software and Affected Versions Business::OnlinePayment::StoredTransaction versions through 0.01 Description The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for...

PAGI::Middleware::Session::Store::Cookie 安全漏洞

PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

EUVD-2026-16939

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

CVE-2026-3256

CVE-2026-3256 affects HTTP::Session for Perl up to version 0.53. The vulnerability arises from the session ID generation using HTTP::Session::ID::SHA1 (SHA-1) seeded with the built-in rand, high-resolution epoch time, and PID, with the PID drawn from a small set and epoch time potentially guessab...

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

CVE-2025-15604

Summary (CVE-2025-15604) Amon2 for Perl with vulnerable random_string implementation affects versions before 6.17. In 6.06–6.16, random_string reads /dev/urandom if available; if not, it falls back to a SHA-1 hash seeded with rand(), the PID, and the high-resolution epoch time. The epoch time can...

Amon2 安全漏洞

Amon2 is a lightweight web application development framework developed by Tokuhiro Matsuno. Versions of Amon2 prior to 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the insecure implementation of the randomstring function, which could lead to the generation of insecu...