Lucene search
K

12263 matches found

CVE
CVE
added 3 days ago14 views

CVE-2026-15041

The CVE describes a flaw in 389 Directory Server (389-ds-base): non-constant-time comparison in the PBKDF2-SHA256 password verification uses standard memcmp() instead of a constant-time function. This could allow a remote attacker to leverage timing measurements of LDAP bind attempts to infer par...

3.7CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-15041 389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42164

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-15041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a...

3.7CVSS6.1AI score0.003EPSS
Exploits0References3
Nuclei
Nuclei
added 4 days ago51 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6AI score0.73635EPSS
Exploits11References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago9 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-42331

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-42331 FOSSBilling missing authorization in guest Invoice API endpoints

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-42331

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago13 views

CVE-2026-42331

FOSSBilling before version 0.8.0 has an authorization gap in the Guest API invoice/update endpoint. An unauthenticated attacker who knows an invoice hash can modify the payment gateway associated with an unpaid invoice, potentially changing gateway_id to any gateway configured in the system. The ...

7.7CVSS6AI score0.00247EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago8 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.6AI score0.004EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2025-15668

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpddelentry of the file src/isomedia/boxcodebase.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The...

4.8CVSS0.00124EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago6 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41814

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-14758 radareorg radare2 hexpairs cmd_anal.inc.c cmd_anal_opcode integer overflow

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

4.8CVSS0.00131EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-14752

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function adddefinition of the file application/PHP/objects/notes/addintodictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-14738

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...

6.3CVSS0.00208EPSS
Exploits0References7
Rows per page
Query Builder