Lucene search
K

12068 matches found

CVE
CVE
added 1 hour ago17 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score
Exploits0References1
CVE
CVE
added 1 hour ago16 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 12 hours ago6 views

Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score
Exploits0References7
Nuclei
Nuclei
added 14 hours ago75 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.02582EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago50 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS5.9AI score0.2756EPSS
Exploits6References5
Nuclei
Nuclei
added 14 hours ago47 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS5.8AI score0.73635EPSS
Exploits11References5
EUVD
EUVD
added 16 hours ago3 views

EUVD-2026-39598

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score
Exploits0References2
NVD
NVD
added 16 hours ago4 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS
Exploits0References1
NVD
NVD
added 16 hours ago4 views

CVE-2026-9221

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-9222

The CVE-2026-9222 entry concerns the Setracker2 Android Companion App (package com.tgelec.setracker) version 3.1.5 and earlier. The underlying issue is authentication that accepts a password hash in lieu of a password when contacting backend services, enabling an attacker who knows the hash to au...

9.2CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-9221

CVE-2026-9221 affects Setracker2 Android Companion App (com.tgelec.setracker)

8.7CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-52973

A flaw was found in the Linux kernel's futex subsystem. The needfutexhashallocatedefault function incorrectly relies on CLONETHREAD semantics, which can lead to non-concurrency issues when memory allocations mm-futexref pcpu allocations are shared across CLONEVM clones, excluding vfork. This can...

7CVSS5.8AI score0.00173EPSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-8720

CVE-2026-8720 affects wolfSSL’s HMAC-BLAKE2 APIs introduced in version 5.9.0. When the input key length exceeds the BLAKE2 block size, the implementation reinitializes the running hash state in the key-hashing branch, discarding accumulated message data. As a result, the produced MAC may become i...

5.9CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS
Exploits0References2
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-6331

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS5.8AI score
Exploits0
CVE
CVE
added yesterday8 views

CVE-2026-6331

CVE-2026-6331 describes a vulnerability in the OpenSSL-compatibility HMAC verify path where EVP_DigestVerifyFinal could accept a zero-length or truncated tag. The root cause is insufficient validation of the supplied signature length, which was only checked to not exceed the MAC length rather tha...

2.1CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder