Lucene search
K

5221 matches found

CVE
CVE
added 2026/06/12 2:47 p.m.29 views

CVE-2026-50009

Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/11 10:51 p.m.36 views

CVE-2026-45060

CVE-2026-45060 (ClipBucket) affects ClipBucket v5.x prior to 5.5.3. The vulnerability is a blind SQL injection in the actions/progress_video.php endpoint, exploitable by unauthenticated users via the ids parameter to exfiltrate data. The issue is confirmed as patched in version 5.5.3 (#129). If e...

9.8CVSS5.7AI score0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:31 a.m.32 views

CVE-2026-53901 Cerebrate before v1.37 allows mass assignment of record identifiers during object creation

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

8.7CVSS0.00312EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/10 6:3 p.m.9 views

mysql:8.4 security update

An update is available for module.mysql, module.mecab, module.rapidjson, perl-DBD-MySQL, module.mecab-ipadic, mysql, mecab-ipadic, module.perl-DBD-MySQL, rapidjson, mecab. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.5CVSS7.9AI score0.00323EPSS
Exploits0
NVD
NVD
added 2026/06/10 12:16 a.m.19 views

CVE-2026-41701

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.7 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.40 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:49 a.m.43 views

CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS0.00171EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

VMware Spring Framework 安全特征问题漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 contain security...

7.5CVSS5.2AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 11:2 p.m.10 views

GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score0.00256EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/08 11:2 p.m.8 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers due to the use of a predictable pseudo-random number generator for DNS transaction IDs and a default static UDP source port in the DNS resolution process. An attacker can redirect network...

6.9CVSS5.5AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 12:30 p.m.13 views

GHSA-Q42J-X8RQ-PJG6 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 10:22 a.m.47 views

CVE-2026-47430

CVE-2026-47430 affects the iOS implementation of Cordova Plugin InAppBrowser. The issue arises when the WKScriptMessage id field is passed to commandDelegate sendPluginResult:callbackId: without format validation (CDVWKInAppBrowser.m:560–574), allowing a web content loaded in the InAppBrowser to ...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

CodeAstro Ingredients Stock Management System 注入漏洞

CodeAstro Ingredients Stock Management System is a stock management system for ingredients developed by CodeAstro Inc. Version 1.0 of the CodeAstro Ingredients Stock Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the...

6.5CVSS6.6AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.24 views

PT-2026-47194

Name of the Vulnerable Software and Affected Versions Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0 Description The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...

9.5CVSS5.5AI score0.00723EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-5084

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

6.5CVSS5.5AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5082

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

5.3CVSS5.4AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.5AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.14 views

CVE-2026-45180

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...

7.5CVSS5.5AI score0.00244EPSS
Exploits0References1
Rows per page
Query Builder