Lucene search
K

212 matches found

Debian CVE
Debian CVE
added 2026/07/01 6:46 a.m.7 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.7 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

There is an information disclosure vulnerability in the /proc/pid/syscall functionality of the Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue was introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4. It is likely that all...

5.5CVSS6.3AI score0.011EPSS
Exploits1References2
NVD
NVD
added 2026/06/18 7:16 p.m.12 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS0.00274EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 5:53 p.m.11 views

EUVD-2026-37926

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

7.3CVSS5.2AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50778

Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 7:9 p.m.12 views

Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.10 views

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Summary The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDGRUNTIMEDIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-/daemon.pid. Because the write does not us...

6.1CVSS5.5AI score0.00077EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : sslh vulnerability (USN-8360-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8360-1 advisory. It was discovered that sslh did not properly handle symbolic links when writing its PID file. ...

9.3CVSS5.7AI score0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 6:17 p.m.16 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 12:16 p.m.15 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS0.00131EPSS
Exploits1References2
OSV
OSV
added 2026/06/09 9:59 p.m.9 views

GHSA-MRHX-6PW9-Q5FH PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

2.3CVSS5.5AI score0.00449EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.4AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.5AI score0.00339EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References12
OSV
OSV
added 2026/06/01 3:12 p.m.8 views

USN-8360-1 sslh vulnerability

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...

9.3CVSS5.9AI score0.00158EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:4 a.m.13 views

openvswitch: cap upcall PID array size and pre-size vport replies

...

7CVSS5.4AI score0.00117EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.13 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.00117EPSS
Exploits0References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:52 p.m.12 views

Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:36 p.m.11 views

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

5.8AI score
Exploits0References1
Rows per page
Query Builder