438 matches found

RedhatCVE
added 2026/03/31 10:59 a.m., 5 views

CVE-2026-5128

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...

5.9 AI score, 0.00144 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/30 10:55 a.m., 3 views

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

9.8 CVSS, 5.8 AI score, 0.00521 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/30 9:18 a.m., 15 views

CVE-2026-5128

...

0.00144 EPSS
Exploits: 0

Positive Technologies
added 2026/03/30 12:00 a.m., 6 views

PT-2026-29007

Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1 Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...

10 CVSS, 5.9 AI score, 0.00144 EPSS
Exploits: 0, References: 7

EUVD
added 2026/03/28 9:33 p.m., 4 views

EUVD-2025-209114

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

5.8 AI score, 0.00521 EPSS
Exploits: 0, References: 6

NVD
added 2026/03/28 7:16 p.m., 7 views

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

9.8 CVSS, 0.00521 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/03/28 6:52 p.m., 2 views

CVE-2026-3256

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come...

9.8 CVSS, 5.8 AI score, 0.0053 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/03/28 6:43 p.m., 2 views

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

5.8 AI score, 0.00521 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/03/28 6:43 p.m., 32 views

CVE-2025-15604 Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

0.00521 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/03/28 12:00 a.m., 5 views

HTTP::Session security vulnerability

HTTP::Session is a server-side component library developed by KTAT’s individual developers, used for session management and state maintenance in web applications. Versions of HTTP::Session prior to 0.53 contained security vulnerabilities; these vulnerabilities stemmed from the default use of...

9.8 CVSS, 5.8 AI score, 0.0053 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/03/28 12:00 a.m., 8 views

PT-2026-28276

Name of the Vulnerable Software and Affected Versions Amon2 versions prior to 6.17 Description Amon2 for Perl utilizes an insecure random string implementation in its security functions. Versions 6.06 through 6.16 attempt to use /dev/urandom, but fall back to a SHA-1 hash seeded with the built-in...

9.8 CVSS, 5.8 AI score, 0.00521 EPSS
Exploits: 0, References: 10

CNNVD
added 2026/03/28 12:00 a.m., 6 views

Amon2 security vulnerability

Amon2 is a lightweight web application development framework developed by Tokuhiro Matsuno. Versions of Amon2 prior to 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the insecure implementation of the random_string function, which could lead to the generation of insecu...

9.8 CVSS, 5.8 AI score, 0.00521 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2026/03/26 3:10 p.m., 3 views

CVE-2026-32663

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/24 7:16 p.m., 2 views

DEBIAN-CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

8.7 CVSS, 6.1 AI score, 0.0024 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/24 12:16 a.m., 5 views

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

7.5 CVSS, 0.00393 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/24 12:00 a.m., 9 views

Ella Core input validation error vulnerability

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.6.0 contained a vulnerability related to input validation errors. This vulnerability occurred when processing NGAP messages with invalid PDU...

7.5 CVSS, 6.4 AI score, 0.00393 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/23 11:46 p.m., 5 views

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

6.5 CVSS, 6.4 AI score, 0.00393 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/03/23 11:46 p.m., 2 views

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

6.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/23 11:46 p.m., 29 views

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

6.5 CVSS, 0.00393 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/23 11:46 p.m., 11 views

CVE-2026-33281

CVE-2026-33281 affects Ella Core, a private-network 5G core. The issue occurs when processing NGAP messages with invalid PDU Session IDs outside 1-15, causing the process to panic and potentially disrupt service for all connected subscribers. No authentication is required. This affects versions p...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1, Affected Software: 1