648435 matches found
nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers
A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...
windows7-eternalblue-lab
MS17-010 EternalBlue Exploitation Lab Hands-on penetration t...
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
EUVD-2026-42167
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14495
CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...
CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
DEBIAN-CVE-2026-55645
Bulletin has no description...
Exploit for Unrestricted Upload of File with Dangerous Type in Joomlack Page_Builder_Ck
CVE-2026-56290 - Compagebuilderck Mass Exploit ⚠️ Disclai...
DEBIAN-CVE-2026-59997
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...
[SECURITY] Fedora 43 Update: python-rignore-0.7.6-7.fc43
rignore is a Python module that provides a high-performance, Rust-powered file system traversal functionality. It wraps the Rust ignore crate using PyO3, offering an efficient way to walk through directories while respecting various ignore rules...
[SECURITY] Fedora 43 Update: python-fastar-0.11.0-7.fc43
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...
[SECURITY] Fedora 44 Update: python-rignore-0.7.6-7.fc44
rignore is a Python module that provides a high-performance, Rust-powered file system traversal functionality. It wraps the Rust ignore crate using PyO3, offering an efficient way to walk through directories while respecting various ignore rules...
[SECURITY] Fedora 44 Update: python-fastar-0.11.0-7.fc44
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...
Exploit for CVE-2026-49777
!AMN SECURITYhttps://img.shields.io/badge/AMN-SECURITY-000000...
Exploit for CVE-2026-8206
🛡️ AMN SECURITY 🛡️ !CVE-2026-8206https://img.shields.io/ba...
PT-2026-56322
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologins::rrand seeds the Mersenne Twister with mt sranddouble microtime 1000000 — discarding the integer-second...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Summary Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that GHSA-97r5-pg8x-p63p added on the OAuth reauthentication path...
GHSA-F66Q-9RF6-8795 Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Summary Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that GHSA-97r5-pg8x-p63p added on the OAuth reauthentication path...