1302 matches found

Cvelist
added 2026/02/18 8:25 p.m., 22 views

CVE-2025-0577 Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

CVSS: 4.8, EPSS: 0.00244
Exploits: 0, References: 2

CVE
added 2026/02/18 8:25 p.m., 47 views

CVE-2025-0577

CVE-2025-0577 : In glibc, the getrandom/arc4random family may return predictable randomness when a fork occurs concurrently with a subsequent call to these functions. The CVSSv3.1 base score is 4.8 (MEDIUM) with low confidentiality and integrity impacts and no availability impact. Connected advis...

CVSS: 4.8, AI score: 5.2, EPSS: 0.00244
Exploits: 0, References: 2

Debian CVE
added 2026/02/18 8:25 p.m., 11 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

CVSS: 4.8, AI score: 5.2, EPSS: 0.00244
Exploits: 0

CVE
added 2026/02/12 11:39 p.m., 22 views

CVE-2025-40905

CVE-2025-40905 affects WWW::OAuth (Perl) versions 1.000 and earlier. The root cause is using rand() as the default entropy source for cryptographic functions, which is not cryptographically secure. Impact is limited to cryptographic functions that rely on this entropy source; exploitation details...

CVSS: 7.3, AI score: 5.4, EPSS: 0.00255
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2026/02/11 5:57 a.m., 6 views

CVE-2025-66630

A flaw was found in the Fiber web framework github.com/gofiber/fiber/v2. On Go versions prior to 1.24, the framework's Universally Unique Identifier (UUID) generation functions do not return an error when the underlying cryptographic randomness source fails. This can cause applications to use...

CVSS: 9.4, AI score: 5.1, EPSS: 0.00471
Exploits: 0, References: 6

NVD
added 2026/02/09 6:16 p.m., 10 views

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS: 9.4, EPSS: 0.00471
Exploits: 0, References: 3

Vulnrichment
added 2026/02/09 6:4 p.m., 6 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS: 9.2, AI score: 5.6, EPSS: 0.00471
Exploits: 0, References: 3

Cvelist
added 2026/02/09 6:4 p.m., 26 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS: 9.2, EPSS: 0.00471
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/09 6:4 p.m., 4 views

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS: 9.2, AI score: 5.6, EPSS: 0.00471
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/02/09 6:4 p.m., 7 views

CVE-2025-66630 Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

CVSS: 9.2, AI score: 5.6, EPSS: 0.00471
Exploits: 0, References: 5

CVE
added 2026/02/09 6:4 p.m., 9 views

CVE-2025-66630

Fiber is a Go web framework. Before 2.52.11 and on Go

CVSS: 9.4, AI score: 5.6, EPSS: 0.00471
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2026/02/09 3:28 p.m., 7 views

Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00471
Exploits: 0, References: 5, Affected Software: 1

Packet Storm News
added 2026/02/09 12:0 a.m., 4 views

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...

AI score: 5.9
Exploits: 0

Positive Technologies
added 2026/02/09 12:0 a.m., 14 views

PT-2026-7122

Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 2.52.11; Fiber versions prior to 2.52.11 running on Go versions prior to 1.24. Description: The Fiber framework, an Express-inspired web framework written in Go, is susceptible to generating predictable identifiers when...

CVSS: 9.9, AI score: 5.5, EPSS: 0.27661
Exploits: 45, References: 121

Tenable Nessus
added 2026/01/29 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-form-data (UTSA-2026-005212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005212 advisory. Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files...

CVSS: 9.4, AI score: 5.9, EPSS: 0.01735
Exploits: 1, References: 4

ATTACKERKB
added 2026/01/26 10:5 a.m., 4 views

CVE-2025-59103

The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users...

CVSS: 9.2, AI score: 5.8, EPSS: 0.00403
Exploits: 0, References: 4

EUVD
added 2026/01/22 2:57 p.m., 4 views

EUVD-2025-206329

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

CVSS: 9.5, AI score: 5.6, EPSS: 0.00422
Exploits: 0, References: 3

EUVD
added 2026/01/21 10:52 p.m., 4 views

EUVD-2026-4159

Triton VM Soundness Vulnerability due to Improper Sampling of Randomness...

AI score: 5.4
Exploits: 0, References: 4

OSV
added 2026/01/21 10:52 p.m., 6 views

GHSA-RJR4-V43M-PXQ6 Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

CVSS: 6.3, AI score: 5.7
Exploits: 0, References: 4

Github Security Blog
added 2026/01/21 10:52 p.m., 8 views

Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

AI score: 5.7
Exploits: 0, References: 4, Affected Software: 1