Weaknesses of type CWE-338
125 resultsCVE-2025-40916CRITICALMojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha textEPSS 0.3%CVE-2025-40923HIGHPlack-Middleware-Session before version 0.35 for Perl generates session ids insecurelyEPSS 0.3%CVE-2025-15618CRITICALBusiness::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret keyEPSS 0.3%CVE-2026-11832CRITICALDancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonceEPSS 0.3%CVE-2023-34363MEDIUMAn issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encrEPSS 0.3%CVE-2026-5087HIGHPAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurelyEPSS 0.3%CVE-2022-26943HIGHWeak PRNG entropy source used for authentication challenge generation in Motorola MTM5000EPSS 0.3%CVE-2024-56370MEDIUMNet::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functionsEPSS 0.3%CVE-2026-9638HIGHCrypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for saltsEPSS 0.3%CVE-2026-5084MEDIUMWebDyne::Session versions through 2.075 for Perl generates the session id insecurelyEPSS 0.3%CVE-2002-20002MEDIUMThe Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptogrEPSS 0.3%CVE-2021-26091MEDIUMA use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption serviceEPSS 0.3%CVE-2026-46493HIGHhaxtheweb/haxcms-php uses insecure method for generating saltEPSS 0.3%CVE-2025-15578CRITICALMaypole versions from 2.10 through 2.13 for Perl generates session ids insecurelyEPSS 0.3%CVE-2025-40919MEDIUMAuthen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurelyEPSS 0.3%CVE-2026-9692MEDIUMMojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurelyEPSS 0.3%CVE-2026-42155CRITICALMagento LTS: Weak API Session ID — Predictable MD5 of Time-Derived InputsEPSS 0.3%CVE-2026-41505HIGHRELATE: Predictable Token Generation in auth.py and exam.pyEPSS 0.3%CVE-2024-57868MEDIUMWeb::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functionsEPSS 0.3%CVE-2024-52322MEDIUMWebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functionsEPSS 0.3%