CVE-2026-45701 Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6...

CVE-2026-41681

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. The EVPDigestFinal function, used for cryptographic hashing, can write past the end of its intended output buffer if the buffer is too small. This out-of-bounds write can corrupt the program'...

EUVD-2020-1453

Malware in sbrugna...

EUVD-2007-1048

Malware in sbrugna...

EUVD-2021-0702

Malware in sbrugna...

RHEL 8 : kernel (RHSA-2025:14742)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14742 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netsched: hfsc: Fix a UAF...

SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP4) (SUSE-SU-2025:02860-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02860-1 advisory. This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID:...

CVE-2021-21339

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...

CVE-2020-26228

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in...

BIT-TYPO3-2020-26228

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in...

Unspecified Vulnerability in IBM Tivoli Key Lifecycle Manager (CNVD-2021-88185)

IBM Tivoli Key Lifecycle Manager TKLM is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager that stems fr...

Debian: Security Advisory (DLA-2814-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CSRF token exposure in TYPO3 extension

When using the CsrfTokenViewHelper the extension discloses the user's session identifier to HTML output without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...

Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)

When using the CsrfTokenViewHelper the extension discloses the user's session identifier to HTML output without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...

CVE-2021-21339

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...

Cleartext storage of session identifier

Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system...

CVE-2021-21339 Cleartext storage of session identifier

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...

CVE-2021-21339

CVE-2021-21339 affects TYPO3, a PHP-based CMS. The issue is that user session identifiers were stored in cleartext in versions prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, and 11.1.1. The root cause is storage of session identifiers without additional cryptographic hashing, and exploitation ...

Cleartext storage of session identifier

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system...

GHSA-954J-F27R-CJ52 Cleartext storage of session identifier

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Solution...