Lucene search
K

12 matches found

CVE
CVE
added 2026/06/23 7:5 a.m.14 views

CVE-2026-9733

CVE-2026-9733 affects Mojolicious::Plugin::Web::Auth::OAuth2 (Perl) versions up to 0.17. The insecure default state parameter arises from a SHA-1 based generator that uses epoch time (revealed via HTTP Date) and Perl rand, enabling CSRF session hijacking. A patch exists (Mojolicious-Plugin-Web-Au...

9.1CVSS5.4AI score0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 7:5 a.m.4 views

CVE-2026-9733 Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS5.3AI score0.00339EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51481

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS5.4AI score0.00339EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/22 5:53 p.m.9 views

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/22 5:53 p.m.7 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/22 5:53 p.m.38 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.00409EPSS
Exploits1References8
CVE
CVE
added 2026/05/27 12:57 p.m.30 views

CVE-2026-46049

CVE-2026-46049 concerns the Linux kernel ALSA ctxfi driver (S/PDIF path). The issue arises in spdif_passthru_playback_setup() when pll_rate is not updated (remains 0), causing the MSR calculation loop to spin if 32000 Hz is skipped. The fix adds a fallback: if atc->pll_rate is 0, use atc->r...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/28 10:52 a.m.5 views

CVE-2025-59460

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...

7.5CVSS6.9AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 10:10 a.m.10 views

CVE-2025-59460 Unsecure access configuration

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...

7.5CVSS0.00394EPSS
Exploits0References6
CVE
CVE
added 2025/10/27 10:10 a.m.14 views

CVE-2025-59460

Technical details about CVE-2025-59460 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6.5AI score0.00394EPSS
Exploits0References6Affected Software1
GithubExploit
GithubExploit
added 2025/03/18 2:49 a.m.610 views

Exploit for Use of Hard-coded Credentials in Tp-Link Tl-Wr845N_Firmware

Poc-CVE-2024-57040 CVE-2024-57040 is a security vulnerability...

9.8CVSS9.7AI score0.01116EPSS
Exploits1
CNVD
CNVD
added 2017/06/26 12:0 a.m.5 views

NetApp Clustered Data ONTAP Man-in-the-Middle Attack Vulnerability

NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. A man-in-the-middle attack vulnerability exists in the default...

7.5CVSS6.8AI score0.00839EPSS
Exploits0References1
Rows per page
Query Builder