Lucene search
K

1837 matches found

Vulnrichment
Vulnrichment
added 2026/04/16 4:52 p.m.3 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

2.9CVSS5.1AI score0.00379EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 4:52 p.m.7 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/16 4:52 p.m.32 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

2.9CVSS0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/04/16 4:52 p.m.40 views

CVE-2026-41080

CVE-2026-41080 affects libexpat prior to 2.7.6, where insufficient entropy in the hash function allows hash flooding when processing crafted XML documents. The CVE is broadly referenced across OSV, Debian, Red Hat, and Ubuntu entries, with the core impact described as a potential DoS due to resou...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/04/16 4:52 p.m.3 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.2AI score0.00379EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/16 4:52 p.m.3 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.2AI score0.00379EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.6 had security vulnerabilities; these vulnerabilities were due to insufficient entropy, which could allow for hash flood attacks via specially crafted XML documents...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Note that Nessus relies on the...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33342

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.6 Description The software uses insufficient entropy, which allows hash flooding to occur through a specially crafted XML document. Hash flooding is a technique where many different inputs are designed to produce...

7.5CVSS5.1AI score0.00379EPSS
Exploits0References34
FreeBSD
FreeBSD
added 2026/04/16 12:0 a.m.12 views

(lib)expat -- Insufficient entropy

https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.3AI score0.00379EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.4 views

ADAM: A Systematic Data Extraction Attack on Agent Memory Via Adaptive Querying

Large Language Model LLM agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation RAG mechanisms, enabling them to...

5.8AI score
Exploits0
Ubuntu
Ubuntu
added 2026/04/06 9:59 p.m.3 views

USN-8152-1: Linux kernel (OEM) vulnerabilities

It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...

9.8CVSS6.9AI score0.00378EPSS
Exploits7References1
OSV
OSV
added 2026/04/06 9:59 p.m.13 views

USN-8152-1 linux-oem-6.17 vulnerabilities

It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...

9.8CVSS7.3AI score0.00378EPSS
Exploits7References188
OSV
OSV
added 2026/04/03 3:44 a.m.5 views

GHSA-GHC5-95C2-VWCV Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:44 a.m.30 views

Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/03 3:43 a.m.22 views

GHSA-VFPX-Q664-H93M Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:43 a.m.48 views

Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/03 3:41 a.m.3 views

GHSA-FMG6-246M-9G2V Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:41 a.m.10 views

Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...

5.9AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.6 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

9.8CVSS5.7AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder