Lucene search
K

832 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.5 views

Net::NSCA::Client 安全漏洞

Net::NSCA::Client is a Perl library developed by DOUGDUDE’s individual developer. Versions of Net::NSCA::Client 0.009002 and earlier contain security vulnerabilities, which stem from the use of insecure random number generators. This could lead to the prediction of session IDs...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/26 6:18 a.m.4 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the use of a predictable algorithm for generating device lock and wipe PINs based solely on the current Unix timestamp. An attacker can gain unauthorized access to...

5.5CVSS6AI score0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 2:45 a.m.337 views

CVE-2026-23999

CVE-2026-23999 affects Fleet open source device management before version 4.80.1. The vulnerability stems from a predictable 6‑digit PIN (device lock/wipe) derived from the current Unix timestamp without secret entropy, allowing an attacker with physical access and knowledge of approximate lock t...

5.5CVSS5.6AI score0.00124EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.3 views

Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers

Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 3:4 p.m.12 views

Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)

Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...

8.6CVSS5.6AI score0.1096EPSS
Exploits1Affected Software2
IBM AIX
IBM AIX
added 2026/02/18 8:49 a.m.9 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...

8.6CVSS5.7AI score0.1096EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/02/11 8:49 p.m.4 views

CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.6 views

H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping

Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors MV, intra prediction modes IPM, or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.5 views

Cascaded Vulnerability Attacks in Software Supply Chains

Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent components. Moreover, although the adoption of Software...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.6 views

MiracleLinux 4 : gcc-4.4.7-18.2.0.1.AXS4 (AXBA:2018-3035:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2018-3035:03 advisory. - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker...

5.6CVSS7.4AI score0.74041EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001661 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...

5.6CVSS7.3AI score0.84172EPSS
Exploits3References69
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003117)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003117 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...

5.6CVSS7.4AI score0.84172EPSS
Exploits3References69
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002631 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...

5.6CVSS7.4AI score0.74041EPSS
Exploits9References97
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.11 views

ALFA: A Safe-By-Design Approach to Mitigate Quishing Attacks Launched Via Fancy QR Codes

Phishing with Quick Response QR codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture ...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:49 a.m.8 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

4.3CVSS6.7AI score0.0179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.9 views

CVE-2022-37459

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue...

7.8CVSS8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:15 a.m.10 views

CVE-2019-2317

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

9.8CVSS7.1AI score0.00674EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.9 views

CVE-2019-11690

genranduuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIGRANDOMUUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...

5.9CVSS6.7AI score0.0119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.3 views

Salesforce Uni2TS 安全漏洞

Salesforce Uni2TS is a temporal prediction Python library from Salesforce USA. A security vulnerability exists in Salesforce Uni2TS 1.2.0 and prior versions, which stems from improper code generation controls and could lead to the exploitation of executable code in a non-executable file...

9.8CVSS6.9AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.8 views

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise servic...

9.1CVSS7AI score0.01394EPSS
Exploits0References1
Rows per page
Query Builder