Lucene search
+L

1850 matches found

CVE
CVE
added 2026/05/17 6:51 p.m.32 views

CVE-2026-8721

CVE-2026-8721 affects Crypt::OpenSSL::PKCS12 for Perl up to version 1.94. The root cause is that PKCS12.xs passes password data as char* through Perl’s typemap, discarding length, and the C/OpenSSL code calls strlen() on the buffer, causing any password byte at or after the first NULL to be silen...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References2
OSV
OSV
added 2026/05/17 6:51 p.m.4 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS6AI score0.00447EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.23 views

PT-2026-41583

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description The software truncates passwords containing embedded NULL characters. In the PKCS12.xs file, password parameters are declared as char , which utilizes Perl's default typemap SvPV nolen,...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-8721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes...

9.8CVSS5.6AI score0.00447EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

Crypt::OpenSSL::PKCS12 安全漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/16 1:16 a.m.21 views

SUSE CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.13 views

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

10CVSS5.8AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.16 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 5:5 p.m.13 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 5:5 p.m.11 views

EUVD-2026-30565

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:5 p.m.8 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 5:5 p.m.45 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 2:0 p.m.8 views

OESA-2026-2295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 2:0 p.m.11 views

OESA-2026-2294 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 2:0 p.m.12 views

OESA-2026-2293 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 12:27 p.m.10 views

CVE-2026-8503

A flaw was found in Apache::Session::Generate::SHA256 within perl-Apache-Session-Browseable. The session ID generator uses predictable, low-entropy sources such as the rand function, epoch time, and process ID PID to create session identifiers. This weakness allows a remote attacker to predict...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 12:17 p.m.10 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 11:6 a.m.9 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

9.1CVSS5.8AI score0.00583EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/15 11:6 a.m.42 views

CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

0.00243EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/15 11:6 a.m.12 views

CVE-2026-8503 Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

5.8AI score0.00243EPSS
Exploits0References5
Rows per page
Query Builder