262 matches found
EUVD-2023-2777
Malicious code in bioql PyPI...
EUVD-2023-23404
Malicious code in bioql PyPI...
EUVD-2023-27231
Malicious code in bioql PyPI...
EUVD-2022-49970
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-11035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD...
Malicious code in joddoc (npm)
The package joddoc was found to contain malicious code...
MAL-2025-22748 Malicious code in hsreport (npm)
The package hsreport was found to contain malicious code...
(0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2025-32801
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2023-38351
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack...
CVE-2020-20067
File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter...
CVE-2020-27635
In PicoTCP 1.7.0, TCP ISNs are improperly random...
CVE-2013-3637
ProjectPier 0.8.8 does not use the Secure flag for cookies...
CVE-2025-33093
IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret...
CVE-2025-32882
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...
CVE-2024-52322
WebService::Xero 0.11 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs...
CVE-2024-57868
CVE-2024-57868 affects Web::API 2.8 and earlier for Perl. The root cause is use of rand() as the default entropy source via Data::Random, which is not cryptographically secure, for cryptographic functions. This is stated in the CVE description and supported by references to Data::Random and rand(...
GHSA-2FRX-2596-X5R6 gitoxide does not detect SHA-1 collision attacks
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...