CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...