Lucene search
K

1839 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock acros...

5.5CVSS6AI score0.00114EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 7:5 a.m.9 views

EUVD-2026-38421

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS5.4AI score0.00339EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51481

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

9.1CVSS5.4AI score0.00339EPSS
Exploits0References6
NVD
NVD
added 2026/06/18 7:16 p.m.12 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS0.00274EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.10 views

SUSE CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 8:6 p.m.33 views

CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:6 p.m.26 views

CVE-2026-46654

The CVE-2026-46654 issue affects Plonky3’s MultiField32Challenger in the prover transcript handling, where transcript malleability allows an attacker controlling prover-side observations to craft transcripts that yield identical challenges, breaking Fiat-Shamir binding. Root cause: a mismatch bet...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.11 views

On-Chip Quantum Randomness Amplification

Randomness amplification, the task of extracting uniform private bits from biased seeds that may be partly known by a malicious third party, is of central importance in cryptography. The highest security in this task is provided by a class of quantum protocols known as device-independent, which...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/08 8:14 a.m.85 views

Smart_Contract_Researcher_POC

Smart Contract Security Research Portfolio hailthelord...

5.6AI score
Exploits0
Fedora
Fedora
added 2026/06/08 1:24 a.m.18 views

[SECURITY] Fedora 44 Update: haveged-1.9.22-1.fc44

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

7.8CVSS5.4AI score0.00185EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

5.3CVSS5.3AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.6AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 7:50 p.m.8 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

6.9CVSS5.5AI score0.00047EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/04 7:50 p.m.7 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

6.9CVSS5.5AI score0.00047EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/04 7:50 p.m.13 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

6.9CVSS5.5AI score0.00047EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 2:16 p.m.13 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:46 p.m.6 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 12:46 p.m.9 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/04 12:0 a.m.11 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener...

5.8AI score0.00047EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder