325 matches found

NVD
added 5 days ago | 10 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

CVSS 5.3
Exploits: 0 | References: 4
NVD
added 2026/06/10 10:16 p.m. | 10 views

CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.process_server_first_message...

CVSS 8.7 | EPSS 0.00393
Exploits: 0 | References: 4
OSV
added 2026/06/08 1:43 p.m. | 7 views

JLSEC-2026-586

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash in modules/preprocs/nasm/nasm-pp.c...

CVSS 5.5 | AI score 5.4 | EPSS 0.003
Exploits: 1 | References: 4
CNNVD
added 2026/06/05 12:0 a.m. | 6 views

Claude-Mem security vulnerability

Claude-Mem is an AI development assistant developed by Alex Newman. Versions of Claude-Mem prior to 11.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the computeObservationContentHash function of the Observation Content Hash Handler...

CVSS 3.6 | AI score 4.9 | EPSS 0.00075
Exploits: 0 | References: 9
Cvelist
added 2026/06/04 2:45 p.m. | 32 views

CVE-2026-10813 LMCache KV Cache utils.py hex_hash_to_int16 weak hash

A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

CVSS 3.6 | EPSS 0.00092
Exploits: 0 | References: 7
CNNVD
added 2026/06/04 12:0 a.m. | 5 views

ModelScope security vulnerability

ModelScope is an open-source model service and inference training platform developed by ModelScope. Versions of ModelScope 4.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the Template.savepilimage function of the...

CVSS 3.6 | AI score 4.9 | EPSS 0.00092
Exploits: 0 | References: 8
CNNVD
added 2026/06/04 12:0 a.m. | 4 views

LMCache security vulnerability

LMCache is an open-source large-scale caching tool developed by LMCache. Versions of LMCache 0.4.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the hex_hash_to_int16 function in the KV Cache Handler component's lmcache/integration/vllm/utils.py file, which used ...

CVSS 3.6 | AI score 5 | EPSS 0.00092
Exploits: 0 | References: 7
CVE
added 2026/06/03 6:13 p.m. | 12 views

CVE-2026-8881

The CVE-2026-8881 entry affects the Securly Chrome Extension (version 3.0.7). It relies on EVP_BytesToKey with MD5 and a single iteration for AES encryption. The description notes that MD5 has been broken since 2004 and a single iteration provides no key stretching, which weakens the cryptographi...

CVSS 7.5 | AI score 5.7 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/18 11:30 a.m. | 6 views

CVE-2026-8803

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

CVSS 6.3 | AI score 5.3 | EPSS 0.00182
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/05/15 5:5 p.m. | 7 views

EUVD-2026-30565

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3 | AI score 5.9 | EPSS 0.00267
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 (confirmed on 20.16.0). Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method. Summary: The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

CVSS 9.3 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 4
CVE
added 2026/05/03 9:30 a.m. | 32 views

CVE-2026-7689

Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...

CVSS 6.3 | AI score 5.1 | EPSS 0.00145
Exploits: 0 | References: 4
Cvelist
added 2026/04/22 1:54 p.m. | 24 views

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2

In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2. When binding a udp_sock to a local address and port, UDP uses two hashes (udptable->hash and udptable->hash2) for collision detection. The current code switches to "hash2" when...

EPSS 0.00123
Exploits: 0 | References: 6
ATTACKERKB
added 2026/04/10 6:59 p.m. | 2 views

CVE-2026-33710

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000). An attacker who...

CVSS 7.5 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/04/10 6:59 p.m. | 8 views

CVE-2026-33710

Chamilo LMS (prior to 1.11.38 and 2.0.0-RC.3) uses REST API keys generated by md5(time() + (user_id * 5) - rand(10000, 10000)). Since rand(10000,10000) always returns 10000, the key becomes md5(timestamp + user_id*5 - 10000), enabling brute-forcing by an attacker who knows a username and approxim...

CVSS 7.5 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/04/01 10:58 a.m. | 4 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 1
CVE
added 2026/03/31 10:4 a.m. | 5 views

CVE-2025-15618

CVE-2025-15618 affects Perl module Business::OnlinePayment::StoredTransaction up to version 0.01. The root cause is generating a secret key for encrypting credit card data by taking an MD5 hash of a single rand() call, which is not cryptographically secure. Consequence: high impact on confidentia...

CVSS 9.1 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29217

Name of the Vulnerable Software and Affected Versions: Business::OnlinePayment::StoredTransaction versions through 0.01. Description: The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for...

CVSS 9.1 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 8
Snyk
added 2026/03/16 8:53 p.m. | 4 views

Not Failing Securely ('Failing Open')

Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') via the verifyhash function in authlib/oidc/core/claims.py. An attacker can substitute an access token or authorization code undetect...

CVSS 9.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 3
UbuntuCve
added 2026/03/05 12:0 a.m. | 5 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS 9.1 | AI score 5.8 | EPSS 0.00583
Exploits: 0 | References: 4