EUVD-2025-18132

Malicious code in bioql PyPI...

CVE-2025-40916

The CVE-2025-40916 entry concerns Mojolicious::Plugin::CaptchaPNG (Perl) v1.05, which uses the built-in rand() for captcha text and image noise, constituting a weak random number source. This root cause is explicitly stated across multiple sources (Red Hat, NVD, CVE lists). Impact is described as...

Mojolicious::Plugin::CaptchaPNG 安全漏洞

Mojolicious::Plugin::CaptchaPNG is a captcha plugin from the metaCPAN Foundation. A security vulnerability exists in Mojolicious::Plugin::CaptchaPNG version 1.05, which stems from the use of a weak random number source to generate CAPTCHAs...

CVE-2025-40915

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand function...

PT-2025-25230 · Unknown · Mojolicious::Plugin::Csrf

Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CSRF version 1.03 Description: The issue concerns a weak random number source used for generating CSRF tokens. Specifically, the tokens are generated as an MD5 of the process id, the current time, and a single call to the...

PT-2020-17057 · Rclone +2 · Rclone +2

Name of the Vulnerable Software and Affected Versions: Rclone versions prior to 1.53.3 Description: An issue was discovered due to the use of a weak random number generator, resulting in the password generator producing weak passwords with much less entropy than advertised. The suggested password...