31 matches found
MGASA-2026-0176 Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities
The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand function for salting password hashes in Digest.pm (CVE-2025-27551). DBIx::Class::EncodedColumn until 0.00032 for Perl uses...
CVE-2026-22920
The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2026-22920
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22920
...
CVE-2026-22920
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2026-22920
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2026-3001
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks. Recommendations: At the moment, there is no...
System Password Security: Attack and Defense Mechanisms
System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute corresponding operations. In recent years, frequent passwor...
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
Cisco Talos has been closely monitoring the abuse of cascading style sheets (CSS) properties to include irrelevant content, or salt, in different parts of messages, a technique known as hidden text salting. This blog is a follow-up to our previous reports in January and March 2025 on CSS abuse in...
EUVD-2023-44778
Malicious code in bioql PyPI...
CVE-2025-32471
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2025-32471
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
PT-2025-18055 · Sick Ag · Sick Flx3-Cpuc200
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to inadequate salting of device passwords, making them susceptible to password extraction attacks. Recommendations: At the moment, there is no information about a newer...
CVE-2025-27552
DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27551
DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27552 DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
MetaCPAN DBIx::Class::EncodedColumn Security Vulnerability
MetaCPAN DBIx::Class::EncodedColumn is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN DBIx::Class::EncodedColumn versions prior to 0.00032, which stems from the use of a non-cryptographically secure rand function for password hash salting...
Seasoning email threats with hidden text salting
Cisco Talos observed an increase in the number of email threats leveraging hidden text salting (also known as "poisoning") in the second half of 2024. Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely...
CVE-2023-40173 Unsalted passwords in fobybus/social-media-skeleton
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...
CVE-2022-21800
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 use the MD5 algorithm to hash the passwords before storing them but do not salt the hash. As a result, attackers may be able to crack the hashed...