132 matches found

OSV
added 3 days ago, 6 views

PYSEC-2026-384 Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR. Vulnerability Summary. Title: Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9 CVSS, 6 AI score
Exploits: 0, References: 6
RedhatCVE
added last week, 4 views

CVE-2026-47770

A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an attacker providing malicious input to cause a denial of service (DoS) by comparing two sufficiently deeply nested arrays using the '==' operator. This action exhausts the C stack due to uncontrolled...

6.8 CVSS, 5.7 AI score, 0.00111 EPSS
Exploits: 1, References: 4
OSV
added last week, 5 views

GHSA-V2WP-FRMC-5Q3V Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR. Vulnerability Summary. Title: Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9 CVSS, 6.1 AI score
Exploits: 0, References: 3
EUVD
added last week, 6 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/23 8:17 p.m., 20 views

CVE-2026-47379

CVE-2026-47379 – NocoDB: The shared-view password check used a strict-equality comparison for legacy plaintext passwords, leaking the password length and per-character prefix via response timing. The bcrypt branch was unaffected; the vulnerability lies in the legacy comparison path in the shared...

6.9 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/22 10:16 p.m., 9 views

CVE-2026-48516

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5 CVSS, 0.00231 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/12 3:16 p.m., 10 views

CVE-2026-47137

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10 CVSS, 0.00382 EPSS
Exploits: 0, References: 5
EUVD
added 2026/06/12 2:15 p.m., 8 views

EUVD-2026-36443

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10 CVSS, 8.4 AI score, 0.0279 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2026/06/05 7:49 p.m., 8 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

7.5 CVSS, 5.4 AI score, 0.00393 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:44 p.m., 7 views

CVE-2026-44928

A flaw was found in uriparser. The EqualsUri function can incorrectly identify distinct Uniform Resource Identifiers (URIs) as identical. This misclassification can lead to improper URI handling within applications that use uriparser, potentially compromising data integrity. Mitigation Mitigation f...

5.3 CVSS, 4.8 AI score, 0.00211 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/21 9:7 p.m., 9 views

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password...

5.8 AI score, 0.00196 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/21 12:0 a.m., 9 views

Catalyst-Plugin-Authentication security vulnerability

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...

5.1 CVSS, 5.8 AI score, 0.00196 EPSS
Exploits: 0, References: 1
OSV
added 2026/05/20 9:16 p.m., 4 views

UBUNTU-CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 6
Cvelist
added 2026/05/20 8:25 p.m., 29 views

CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

0.00393 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/20 12:0 a.m., 10 views

perl-Crypt-SaltedHash security vulnerability

perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Perl eq comparison function; timing differences could be exploited t...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/20 12:0 a.m., 11 views

PT-2026-42265

Name of the Vulnerable Software and Affected Versions: Crypt::SaltedHash versions prior to 0.110.0. Description: Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

9.1 CVSS, 5.8 AI score, 0.00397 EPSS
Exploits: 0, References: 18
EUVD
added 2026/05/08 9:31 a.m., 17 views

EUVD-2026-28537

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2026/05/08 8:16 a.m., 9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, References: 2
AlpineLinux
added 2026/05/08 7:15 a.m., 10 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0
Packet Storm News
added 2026/05/07 12:0 a.m., 7 views

Cryptographic and Information-Theoretic Security Capacities for General Arbitrarily Varying Wiretap Channels

We compare the strong secrecy capacities of Arbitrarily Varying Wiretap Channels (AVWCs) and General Arbitrary Varying Wiretap Channels (GAVWCs) with their capacities under semantic secrecy constraint and other equivalent cryptographic secrecy constraints. It turns out that the average error and stro...

5.8 AI score
Exploits: 0