12416 matches found
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...
CVE-2026-8919
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-8919
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-8919
CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...
EUVD-2026-44585
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization
A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...
CVE-2026-48747
Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...
CVE-2026-5040
The CVE-2026-5040 entry applies to TP-Link Deco M5 v1. The issue stems from a weak password hashing mechanism used to store user credentials. An attacker who obtains the password hash via system compromise or privileged access could perform brute-force or dictionary attacks. Practical consequence...
CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5
TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...
CVE-2026-52837
Summary: Easy!Appointments
WordPress Redux Framework <=4.2.11 - Information Disclosure
WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...
EUVD-2026-43574
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...
EUVD-2026-43578
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...
PT-2026-60096
Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Operator session tokens are stored in plaintext within the token column of the operator sessions table. These tokens are 32-byte random hex values sent via cookies and remain valid for 24...
DEBIAN-CVE-2026-58102
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...
CVE-2026-15605
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...
CVE-2026-15605 wandb Artifact Integrity Validation hashutil.py ArtifactManifestEntry.download weak hash
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...
CVE-2026-15605
The vulnerability CVE-2026-15605 affects wandb 0.25.2.dev1, specifically the ArtifactManifestEntry.download path in wandb/sdk/lib/hashutil.py under Artifact Integrity Validation. The issue is described as the use of a weak hash due to manipulating the ArtifactManifestEntry.download, with the atta...
CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...