Lucene search
+L

221 matches found

ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-55225

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...

6.2AI score0.0023EPSS
Exploits0References3
osv
osv
added 2026/06/25 9:16 a.m.7 views

UBUNTU-CVE-2026-53191

In the Linux kernel, the following vulnerability has been resolved: iouring/net: inherit IORINGCQEFBUFMORE across bundle recv retries When a bundle recv retries inside iorecvfinish, the merge logic OR the saved cflags from the previous iteration with the cflags returned by the new iteration: cfla...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References7
cve
cve
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53138

The CVE-2026-53138 issue affects the Linux kernel’s drm/amd/display driver. A malformed VBIOS image can cause unbounded record-chain walk loops in bios_parser.c and bios_parser2.c due to for(;;) loops that terminate only on a 0xFF sentinel or zero record_size. This can lead to a large number of i...

7.1CVSS5.7AI score0.00126EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.9 views

PT-2026-52234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel within the drm/amd/display component. Record-chain walk loops in bios parser.c and bios parser2.c utilize for;; loops that only terminate upon...

8.8CVSS6AI score0.00247EPSS
Exploits0References380
nvd
nvd
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS0.00073EPSS
Exploits0References2
fedora
fedora
added 2026/06/21 1:11 a.m.5 views

[SECURITY] Fedora 43 Update: perl-Crypt-PBKDF2-0.261630-1.fc43

PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily hig h. PBKDF2 uses any other cryptographic hash or cipher by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable, and allows for...

7.5CVSS5.8AI score0.00319EPSS
Exploits0
github
github
added 2026/06/18 9:9 p.m.12 views

PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...

5.6AI score
Exploits0References6Affected Software2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50694

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.63 Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The AddAudioToVideoBlock function downloads and stores video and audio file...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References5
susecve
susecve
added 2026/06/16 2:23 a.m.11 views

SUSE CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/15 2:36 p.m.10 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References2
nvd
nvd
added 2026/06/12 4:16 p.m.19 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS0.00226EPSS
Exploits0References7
osv
osv
added 2026/06/12 4:16 p.m.7 views

UBUNTU-CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.4AI score0.00226EPSS
Exploits0References7
euvd
euvd
added 2026/06/12 2:57 p.m.11 views

EUVD-2026-36470

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/12 2:57 p.m.29 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

0.00226EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 2:57 p.m.10 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3AI score0.00226EPSS
Exploits0References2
cve
cve
added 2026/06/12 2:57 p.m.27 views

CVE-2026-9641

CVE-2026-9641 affects Crypt::PBKDF2 for Perl prior to 0.261630. The vulnerability stems from a weak default configuration: using HMAC-SHA1 as the default algorithm and a default 1000 iterations, which is insufficient for modern password hashing. The impact, per sources, could involve reduced resi...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References7
osv
osv
added 2026/06/12 2:57 p.m.2 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References11
rustsec
rustsec
added 2026/06/12 12:0 p.m.14 views

Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

5.4AI score
Exploits0Affected Software1
osv
osv
added 2026/06/12 12:0 p.m.20 views

RUSTSEC-2026-0179 Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

8.7CVSS5.5AI score
Exploits0References4
susecve
susecve
added 2026/06/12 2:32 a.m.14 views

SUSE CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References3
Rows per page
Query Builder