Lucene search
K

315 matches found

Cvelist
Cvelist
added 2026/06/30 7:42 p.m.33 views

CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:42 p.m.19 views

CVE-2026-11906

CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 11:10 p.m.18 views

CVE-2026-9219

CVE-2026-9219 affects the Setracker2 Android Companion App (package com.tgelec.setracker) up to version 3.1.5. The root cause is a predictable registration ID derived from IMEI and an enrollment system that lacks additional authentication before assignment. If an attacker can obtain the registrat...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.7 views

GO-2026-5473 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References7
CVE
CVE
added 2026/06/22 4:23 p.m.15 views

CVE-2026-54269

CVE-2026-54269 affects protobufjs. Prior to versions 8.6.0 and 7.6.3 , schema-derived names could collide with runtime helper properties (e.g., fields named hasOwnProperty, names like $type, and rpcCall). When loaded schemas are used, protobufjs could read schema-controlled data where an own-prop...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/22 4:23 p.m.30 views

CVE-2026-54269 protobufjs: Schema-derived names can shadow runtime-significant properties

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 9:42 p.m.7 views

GHSA-8W8F-R2XV-4Q4J OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types

On OpenBao 2.5.4 and 2.5.2and likely earlier versions also, an authenticated caller with write access to transit/keys/ can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric type rsa-, ecdsa-, ed25519 with derived: true. The server returns no HTTP respon...

6.5CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51111

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...

6.5CVSS5.9AI score
Exploits0References7
Patchstack
Patchstack
added 2026/06/15 5:27 p.m.11 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.2...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:27 p.m.5 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:27 p.m.7 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

6.9CVSS5.7AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.9 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS0.00319EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 1:19 p.m.18 views

CVE-2017-20240

CVE-2017-20240 affects Crypt::PBKDF2 for Perl, with versions before 0.261630 vulnerable to timing attacks due to using Perl’s built-in eq comparison. Discrepancies in timing could reveal information about the derived key. Affected software: Crypt::PBKDF2 prior to 0.261630. Root cause: insecure eq...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/12 1:19 p.m.7 views

EUVD-2017-18978

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 1:19 p.m.9 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.2AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48869

Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Certain versions are susceptible to timing attacks because they utilize Perl's built-in eq comparison. This allows discrepancies in timing to be used to guess the underlying derived-key...

5.9CVSS5.1AI score0.00319EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2017-20240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing coul...

5.9CVSS5.5AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 1:30 p.m.3 views

GHSA-VR35-JM2F-8WG2 Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS5.7AI score0.00436EPSS
Exploits0References4
Rows per page
Query Builder