Lucene search
K

261 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 5:54 a.m.10 views

CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 3:16 p.m.8 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS0.00443EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Crypt::PasswdMD5 安全特征问题漏洞

Crypt::PasswdMD5 is a Perl module developed by RSAVAGE’s individual developers, which implements MD5-based password hashing calculations. Versions of Crypt::PasswdMD5 prior to 1.42 contained security vulnerabilities due to the use of a predictable built-in rand function to generate insecure rando...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 5:41 a.m.33 views

EUVD-2026-26895

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/29 5:16 p.m.6 views

CVE-2026-6914

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

MongoDB Server 数字错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a numerical error vulnerability in MongoDB Server, where the MD5 checks...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34623

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.39 through 0.10.77 Description The EVP DigestFinal function always writes EVP MD CTX sizectx to the out buffer. If the out buffer is smaller than that size, the MdCtxRef::digest final function writes past its end,...

9.8CVSS5.3AI score0.00373EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.10 views

PT-2026-32282

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.13 views

Juniper Junos OS Vulnerability (JSA100056)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100056 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge t...

9CVSS7AI score0.14859EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:4 a.m.2 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

9.1CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27429

Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified NGINX Plus affected versions not specified Description When the ngx mail auth http module module is enabled, certain undisclosed requests can lead to the termination of worker processes. This...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References108
NVD
NVD
added 2026/03/05 2:16 a.m.7 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

9.1CVSS0.00583EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2026-27754

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

6.9CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 6:9 p.m.6 views

CVE-2026-27754

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

6.9CVSS5.9AI score0.00116EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/27 12:0 a.m.5 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

8.2CVSS5.8AI score0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

SODOLA SL902-SWTGW124AS 安全特征问题漏洞

SODOLA SL902-SWTGW124AS is an industrial switch produced by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to 200.1.20 had security feature vulnerabilities. These vulnerabilities stemmed from a weak session identifier generation mechanism, which could allow attackers to...

9.8CVSS5.8AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.6 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5userid + createdat + APPKEY. This token is static never expires/rotates, and if an attacker obtains...

9.8CVSS5.6AI score0.02121EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Tenable Security Center < 6.8.0 Multiple Vulnerabilities (TNS-2026-07)

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-07 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD...

8.8CVSS6.8AI score0.01421EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/01/29 12:0 a.m.5 views

Libgcrypt 1.12.0

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

6AI score
Exploits0
EUVD
EUVD
added 2026/01/29 12:0 a.m.6 views

EUVD-2025-206531

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...

6AI score0.00402EPSS
Exploits1References3
Rows per page
Query Builder