CVE-2026-8503

CVE-2026-8503 affects Apache::Session::Generate::SHA256 in Perl (versions before 1.3.19). The default ID generator creates a SHA-256 hash of sources with low entropy (rand(), epoch, PID) and hashes that result again, making session IDs predictable. This predictable randomness can enable an attack...

Exploit for Insecure Default Initialization of Resource in Praison Praisonai

CVE-2026-44338 PraisonAI Authentication Bypass Lab Local Dock...

BIT-GRAFANA-2026-28374 IDOR in Annotations API allows unprivileged users to DELETE annotation

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2025-209875

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

Exploit for Insecure Default Initialization of Resource in Praison Praisonai

⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...

PT-2026-41301

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

Apache::Session::Generate::SHA256 安全特征问题漏洞

Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

Medical Management System 访问控制错误漏洞

Medical Management System is a pharmacy management system developed by zhuozou. There is an access control vulnerability in Medical Management System, which stems from insecure permission settings, potentially allowing any user to reset their password...

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

PT-2026-41294

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

PT-2026-41253

Name of the Vulnerable Software and Affected Versions AGESA Bootloader Firmware affected versions not specified Description An insecure default configuration state of the DDR5 memory module within the AGESA Bootloader Firmware allows a local user to abuse the unprotected PMIC Power Management...