45 matches found
EUVD-2024-54366
Malicious code in bioql PyPI...
EUVD-2024-54365
Malicious code in bioql PyPI...
Malicious code in xero_ruby_oauth2_app (npm)
Source: ghsa-malware df775937f934e6eee2161d71e8e61cc59dab858b11abd32721c7bb957ab91ee1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3928 Malicious code in xero_ruby_oauth2_app (npm)
Source: ghsa-malware df775937f934e6eee2161d71e8e61cc59dab858b11abd32721c7bb957ab91ee1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-56370
Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...
CVE-2024-52322
WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...
CVE-2024-56370
CVE-2024-56370 affects Net::Xero
CVE-2024-56370 Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions
Net::Xero 0.044 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Rand...
CVE-2024-52322 WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions
WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...
CVE-2024-52322
WebService::Xero 0.11 and earlier for Perl uses the non-cryptographically secure rand() as entropy via the Data::Random library, which is described as intended for testing. The vulnerability stems from using a non-cryptographic RNG for cryptographic functions, potentially affecting secrecy of ent...
PT-2025-15065
Name of the Vulnerable Software and Affected Versions WebService::Xero versions 0.11 and earlier Description The issue concerns the use of a non-cryptographically secure source of entropy for cryptographic functions. Specifically, WebService::Xero uses the Data::Random library, which relies on th...
MetaCPAN Net::Xero security vulnerability
MetaCPAN Net::Xero is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::Xero 0.044 and earlier versions that stems from the use of an insecure random number generator...
MetaCPAN WebService::Xero security vulnerability
MetaCPAN WebService::Xero is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN WebService::Xero version 0.11 and earlier that stems from the use of an insecure random number generator...
PT-2025-15068 · Unknown +1 · Data::Random +1
Name of the Vulnerable Software and Affected Versions: Net::Xero versions 0.044 and earlier Description: The issue concerns the use of the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically, Net::Xero uses the...
Stripe: [Broken Access Control] Unauthorized Linking accounts & Linked Accounts info Disclosure
@mrasg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account. I discovered a vulnerability that allows the user who has member privileges to connect new carts to the Taxjar account, like...
xero-system.com Cross Site Scripting vulnerability OBB-2531174
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...