Lucene search
K

423 matches found

NVD
NVD
added 2026/07/07 6:16 a.m.10 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:24 a.m.6 views

EUVD-2026-42005

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:24 a.m.6 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00215EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 5:24 a.m.30 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.10 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 6:39 p.m.4 views

DRUPAL-CONTRIB-2026-057

This module provides the entity type and runtime for Drupal AI Agents, enabling agents to use tools. Under certain circumstances, the agent inherits deterministic parameters when invoking the same tool in one request, which can lead to information disclosure...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow AppArmor to handle unaligned DFA tables. DFA tables can originate from the kernel or user space, and 8-byte alignment is not always guaranteed. This may lead to unaligned memory accesses on various architectures...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52170

Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description An incorrect authorization issue allows forceful browsing. Under certain conditions, the agen...

6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
OSV
OSV
added 2026/06/12 12:24 p.m.10 views

OESA-2026-2612 nss security update

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.5CVSS5.5AI score0.00628EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:22 p.m.13 views

EUVD-2026-34307

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 8:12 p.m.9 views

CVE-2026-46254

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability arises when AppArmor processes unaligned Deterministic Finite Automaton DFA tables, which can originate from either kernel or userspace. The unaligned memory access triggered by these tables can lead to system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.14 views

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.17 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 6:16 p.m.23 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1CVSS0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 5:17 p.m.26 views

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/05/26 3:4 a.m.132 views

ndaybench

ndaybench A benchmark for measuring whether AI agents can bui...

7CVSS7.2AI score0.31894EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: bouncycastle (UTSA-2026-016627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016627 advisory. Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library...

5.9CVSS6.8AI score0.01522EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mbedtls

In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...

5.3CVSS6AI score0.01773EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before version 2.10.4. When hashing empty dictionary strings in a crafted XML document, the xmlDictComputeFastKey function in dict.c can produce non-deterministic values, resulting in various logical and memory errors, such as double-free errors. This behavior...

6.5CVSS7.1AI score0.01013EPSS
Exploits0References2
Rows per page
Query Builder