21 matches found

NVD
added 2 days ago, 10 views

CVE-2026-57960

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

CVSS 8.3, EPSS 0.00339, Exploits 0, References 3

Vulnrichment
added 2 days ago, 3 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

CVSS 8.3, AI score 5.8, EPSS 0.00339, Exploits 0, References 3

Cvelist
added 2 days ago, 32 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

CVSS 8.3, EPSS 0.00339, Exploits 0, References 3

EUVD
added 2 days ago, 4 views

EUVD-2026-40145

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

CVSS 8.3, AI score 5.8, EPSS 0.00339, Exploits 0, References 3

CVE
added 2 days ago, 9 views

CVE-2026-57960

Hi.Events

CVSS 8.3, AI score 5.8, EPSS 0.00339, Exploits 0, References 3

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Generating excessively long X9.42 DH keys or checking overly long X9.42 DH keys or parameters can be very slow. Applications that use functions like DH_generate_key to generate an X9.42 DH key may experience prolonged delays. Similarly, applications that use functions like...

CVSS 5.3, AI score 6.6, EPSS 0.04459, Exploits 0, References 2

OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-246 Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact...

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9, AI score 6.6, EPSS 0.02303, Exploits 0, References 9

OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-244 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH...

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

CVSS 5.3, AI score 6.4, EPSS 0.04459, Exploits 0, References 13

NVD
added 2026/04/07 10:16 p.m., 8 views

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

CVSS 7.5, EPSS 0.00981, Exploits 0, References 7

OSV
added 2026/03/11 12:11 a.m., 3 views

GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

CVSS 5.3, AI score 5.8, EPSS 0.0021, Exploits 1, References 3

Tenable Nessus
added 2025/11/20 12:00 a.m., 7 views

TencentOS Server 4: openssl (TSSA-2024:0596)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0596 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 6.5, AI score 6.8, EPSS 0.03174, Exploits 0, References 4

OSV
added 2025/03/21 1:20 p.m., 5 views

OESA-2025-1327 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or...

CVSS 5.3, AI score 7, EPSS 0.01131, Exploits 0, References 2

OSV
added 2025/03/21 1:20 p.m., 5 views

OESA-2025-1326 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or...

CVSS 5.3, AI score 7, EPSS 0.01131, Exploits 0, References 2

OSV
added 2024/05/16 4:15 p.m., 6 views

AZL-42063 CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3, AI score 6.6, EPSS 0.01131, Exploits 0, References 1

OSV
added 2024/04/25 7:15 a.m., 5 views

ALPINE-CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9, AI score 6.8, EPSS 0.02303, Exploits 0, References 1

BDU FSTEC
added 2024/02/12 12:00 a.m., 6 views

The vulnerability of the EVP_PKEY_public_check() function in the OpenSSL library allows an attacker to trigger a Denial-of-Service attack.

The vulnerability of the EVP_PKEY_public_check function in the OpenSSL library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to trigger a Denial-of-Service attack...

CVSS 5.9, AI score 6.8, EPSS 0.02303, Exploits 0, References 11, Affected Software 7

CNNVD
added 2024/01/15 12:00 a.m., 2 views

OpenSSL Security Vulnerabilities

OpenSSL is an open-source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.9, AI score 7.6, EPSS 0.02303, Exploits 0, References 6

OSV
added 2024/01/15 12:00 a.m., 1 view

UBUNTU-CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9, AI score 6.7, EPSS 0.02303, Exploits 0, References 5

Positive Technologies
added 2024/01/15 12:00 a.m., 4 views

PT-2024-1576

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 through 3.1. Description: The issue is related to the function EVP_PKEY_public_check in the OpenSSL library, which can lead to a Denial of Service (DoS) attack when checking excessively long invalid RSA public keys. This can...

CVSS 9.1, AI score 7.2, EPSS 0.73461, Exploits 3, References 238

OSV
added 2023/11/06 4:15 p.m., 14 views

AZL-39659 CVE-2023-5678 affecting package kata-containers for versions less than 3.2.0.azl1-1

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

CVSS 5.3, AI score 6.5, EPSS 0.04459, Exploits 0, References 1