
35148 matches found

Vulnrichment
added 2026/06/26 8:13 a.m. | 6 views

CVE-2026-11702 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 5
CVE
added 2026/06/26 8:13 a.m. | 13 views

CVE-2026-11702

Affected: Bytes::Random::Secure::Tiny for Perl, versions up to 1.011. Root cause: PRNG internal state is shared across forked processes if an object is initialised before forking, leading to identical random streams. Impact: secrets generated in multiprocess apps can be predictable across process...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 5
Vulnrichment
added 2026/06/26 8:7 a.m. | 5 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

AI score: 5.8 | EPSS: 0.00309
Exploits: 0 | References: 5
CVE
added 2026/06/26 8:7 a.m. | 13 views

CVE-2026-11625

CVE-2026-11625 affects Bytes::Random::Secure for Perl up to version 0.29. The PRNG internal state is shared across forked processes when an object is created before forking or when the functional interface is used, causing identical random streams and potentially exposing secrets generated in mul...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00309
Exploits: 0 | References: 5
Cvelist
added 2026/06/26 8:7 a.m. | 39 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

EPSS: 0.00309
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2026/06/26 1:51 a.m. | 8 views

Malicious code in wellnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

AI score: 5.8
Exploits: 0 | References: 7
OSV
added 2026/06/26 1:51 a.m. | 7 views

MAL-2026-6501 Malicious code in wellnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

AI score: 5.8
Exploits: 0 | References: 7
Positive Technologies
added 2026/06/26 12:0 a.m. | 10 views

PT-2026-52986

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.24 Description The BasicAuth authentication component of the Kestra OSS workflow orchestration platform stores passwords using SHA-512, which has a high computation speed. An attacker with read access to the...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00158
Exploits: 1 | References: 8
Positive Technologies
added 2026/06/26 12:0 a.m. | 12 views

PT-2026-52682

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure::Tiny versions prior to 1.012 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before the fork occurs. This leads to the production of...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00447
Exploits: 0 | References: 9
Positive Technologies
added 2026/06/26 12:0 a.m. | 17 views

PT-2026-52681

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure versions prior to 0.30 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before forking or when the functional interface is used. This...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00309
Exploits: 0 | References: 9
NVD
added 2026/06/25 5:16 p.m. | 12 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

CVSS: 6.8 | EPSS: 0.00126
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/25 5:0 p.m. | 5 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00212
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/25 5:0 p.m. | 28 views

CVE-2026-55180 pnpm: Repository config can expand victim environment secrets into registry requests before scripts run

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

CVSS: 6.5 | EPSS: 0.00212
Exploits: 1 | References: 1
CVE
added 2026/06/25 5:0 p.m. | 13 views

CVE-2026-55180

CVE-2026-55180 affects pnpm before 10.34.2 and 11.5.3. The issue arises when pnpm and related configuration (repository-controlled .npmrc and pnpm-workspace.yaml) expand ${ENV_VAR} placeholders into registry request destinations and registry credentials. This can cause dependency resolution to se...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00212
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/25 4:8 p.m. | 27 views

CVE-2026-55411 ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

CVSS: 6.8 | EPSS: 0.00126
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/25 4:8 p.m. | 5 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00126
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/25 3:39 p.m. | 31 views

CVE-2026-54036 LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

CVSS: 5.3 | EPSS: 0.00213
Exploits: 1 | References: 1
Cvelist
added 2026/06/25 4:33 a.m. | 30 views

CVE-2026-11379 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

CVSS: 5.3 | EPSS: 0.00188
Exploits: 0 | References: 2
CVE
added 2026/06/25 4:33 a.m. | 121 views

CVE-2026-11379

GitLab Security Advisory CVE-2026-11379 affects GitLab EE. The issue is an incorrect authorization flaw in DAST site profile management that could allow a user with the Developer role to exfiltrate DAST site profile secrets under certain conditions. Affected versions include all GitLab EE release...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00188
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/06/25 4:33 a.m. | 4 views

EUVD-2026-39170

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00188
Exploits: 0 | References: 2