10 matches found
EUVD-2026-32022
Crypt::ScryptKDF versions through 0.010 for Perl use an insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...
SUSE CVE-2025-66630
Fiber is an Express-inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
CLSA-2026-1772617597 nodejs: Fix of 2 CVEs
CVE-2025-22150: fix issue where undici used Math.random to choose boundary for multipart/form-data request, now uses secure random number generator - CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code - Run full Node.js tests in %check - Fix comment typo in spec...
One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning
Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...
PT-2026-7122
Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 2.52.11; Fiber versions prior to 2.52.11 running on Go versions prior to 1.24. Description: The Fiber framework, an Express-inspired web framework written in Go, is susceptible to generating predictable identifiers when...
Jervis Has Weak Random for Timing Attack Mitigation
Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L593-L594 uses java.util.Random, which is not cryptographically secure. Impact: If an attacker can predict the random delays, they may still be...
Vision UI Security Vulnerability
Vision UI is a UI component by individual developer David Osipov. A security vulnerability exists in Vision UI 1.4.0 and earlier versions, which stems from a memory exhaustion issue in the generateSecureId and getSecureRandomInt functions that could lead to a denial of service attack...
CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32-byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
WordPress Plugin uListing Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Open Source Matters Joomla Security Features Vulnerability
Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S.-based Open Source Matters team. Joomla suffers from a cryptographic issue vulnerability that stems from not using a secure rand function during the generation of 2FA keys. No...