Lucene search
K

126 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.12 views

CVE-2026-56285

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:13 p.m.13 views

CVE-2026-56285

Nitter is affected by a Server-Side Request Forgery in the /video media proxy endpoint. The vulnerability arises because the endpoint does not validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, enabling unauthenticated attackers to compute valid HMACs for arbitr...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/19 5:14 p.m.9 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.10 views

CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

5.6AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:46 p.m.8 views

EUVD-2026-35157

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.4AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 12:0 a.m.13 views

UBUNTU-CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/05 12:15 p.m.9 views

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/05 12:15 p.m.12 views

EUVD-2026-34826

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References7
CVE
CVE
added 2026/06/05 12:15 p.m.36 views

CVE-2026-11329

Technical details are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, impact, and remediation.

3.6CVSS4.6AI score0.00078EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

ONNX-MLIR 安全漏洞

ONNX-MLIR is an open-source compiler tool developed by Open Neural Network Exchange that converts ONNX graphs into efficient code. Versions of ONNX-MLIR prior to 0.5.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the generatehashkey...

3.6CVSS4.9AI score0.00078EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46946

Name of the Vulnerable Software and Affected Versions onnx onnx-mlir versions prior to 0.5.0.0 Description The Placeholder Node Cache Handler component contains an issue within the generate hash key function located in the src/Runtime/python/torch onnxmlir/src/torch onnxmlir/backend.py file. This...

3.6CVSS4.7AI score0.00078EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/04 5:22 p.m.13 views

EUVD-2026-34307

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References3
OSV
OSV
added 2026/05/31 8:16 p.m.9 views

DEBIAN-CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/31 7:43 p.m.8 views

CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/31 7:43 p.m.16 views

EUVD-2026-33517

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:6 a.m.10 views

RDMA/mana: Validate rx_hash_key_len

...

7.8CVSS5.4AI score0.00142EPSS
Exploits0
NVD
NVD
added 2026/05/28 10:16 a.m.13 views

CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00142EPSS
Exploits0References12
OSV
OSV
added 2026/05/28 10:16 a.m.15 views

UBUNTU-CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.35 views

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00142EPSS
Exploits0References5
Rows per page
Query Builder