18 matches found
perl-Crypt-SaltedHash security feature issue vulnerability
perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in rand function to generate insecure random salt values. This function...
CVE-2026-42046
libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build...
bitwarden security vulnerability
Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, allowing any authenticated user to write passwords to any...
Security Tool Consolidation
The average enterprise security team manages 10 to 15 separate security tools. Each one generates its own alerts, requires its own maintenance, and delivers findings in its own format. The result? Fragmented visibility, duplicated costs, and a team that spends more time switching between dashboar...
CVE-2026-32968
CVE-2026-32968 describes an unauthenticated RCE in the MB CONNECT LINE MBCONNECT24 family (mymbCONNECT24 and mbCONNECT24) up to version 2.5.0. The vulnerability arises from improper neutralisation of special elements used in an OS command, allowing a remote attacker to execute code and potentiall...
HAPI FHIR information disclosure vulnerability
HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.0 contained a vulnerability related to information leakage. This vulnerability occurred because the internal HTTP client, when setting HTTP request headers, sent the same set of headers ...
Threat Exposure Management vs. Legacy Scanners: A Clear Winner
Attackers don’t think in terms of CVSS scores. They think in terms of attack paths. They look for the weakest link—a misconfiguration here, an unpatched server there—that they can chain together to reach your most valuable assets. Traditional vulnerability scanners are completely blind to this...
EUVD-2025-204190
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion. This issue affects Legacy: from n/a through = 1.9...
WordPress plugin Legacy security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
5 Best Threat Exposure Management Tools for 2025
A long list of vulnerabilities without context isn't a security strategy; it's just noise. Legacy vulnerability scanners are great at finding potential flaws, but they often fail to answer the most important question: "What should we fix right now?" This is why Threat Exposure Management (TEM)...
Linux Distros Unpatched Vulnerability : CVE-2021-3697
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in the heap. For a successful attack to be performe...
CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...
CVE-2023-45696 HCL Sametime is impacted by an autocomplete enabled vulnerability
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
PT-2022-7922 · Axis · Axis Device
Name of the Vulnerable Software and Affected Versions: Axis devices affected versions not specified Description: A vulnerability was found in legacy Axis devices, affecting an unknown part of the component CGI Script. The manipulation leads to improper privilege management, and it is possible to...
DEBIAN-CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA keygen, sign, verify. ecdsaverifypreparelegacy does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple...
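The ecdsautils entry above describes a verifier that never checked that the signature scalars are non-zero. The standard ECDSA input check (SEC 1 / FIPS 186) is that both r and s lie in [1, n-1], where n is the group order; the block below is an added example in Python, not ecdsautils code, that applies that check to a raw r||s signature before any curve arithmetic. The group order used is that of NIST P-256, chosen here only as a realistic n; the raw r||s encoding and the sample signatures are assumptions constructed for the example.

```python
"""Added example (not ecdsautils code): reject ECDSA signatures whose
scalars r or s fall outside [1, n-1] before doing any curve arithmetic.
An all-zero signature, as in the ecdsautils legacy verifier bug, must
never reach the point-multiplication step."""

# Group order n of NIST P-256 (secp256r1). Used here only as a realistic
# value for n; the check is the same for any curve.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def split_raw_signature(sig):
    """Split a raw signature encoded as r||s (two big-endian scalars of
    equal length) into integers. Encoding is an assumption of this example."""
    if len(sig) == 0 or len(sig) % 2 != 0:
        raise ValueError("raw signature must be two equal-length scalars")
    half = len(sig) // 2
    r = int.from_bytes(sig[:half], "big")
    s = int.from_bytes(sig[half:], "big")
    return r, s


def scalars_in_range(r, s, n=P256_N):
    """SEC 1 step 1 of verification: both r and s must be in [1, n-1].
    r = 0 or s = 0 is rejected outright, as is anything >= n."""
    return 1 <= r < n and 1 <= s < n


def signature_acceptable(sig, n=P256_N):
    """True only if the signature parses and passes the range check.
    A verifier must return False here and skip the curve arithmetic."""
    try:
        r, s = split_raw_signature(sig)
    except ValueError:
        return False
    return scalars_in_range(r, s, n)


# Constructed samples (not real signatures): the all-zero forgery, a
# signature whose r equals n (out of range), and a well-formed one.
ALL_ZERO = bytes(64)
R_EQUALS_N = P256_N.to_bytes(32, "big") + (12345).to_bytes(32, "big")
WELL_FORMED = (0x1234).to_bytes(32, "big") + (0x5678).to_bytes(32, "big")

if __name__ == "__main__":
    for label, sig in (("all-zero", ALL_ZERO),
                       ("r == n", R_EQUALS_N),
                       ("well-formed", WELL_FORMED)):
        print(f"{label:12s} accepted={signature_acceptable(sig)}")
```

The point is ordering: the range check runs first, and only a signature that passes it goes on to the (comparatively expensive) point multiplication. Verifiers that skip this step and compute the result from r and s directly are exactly where a degenerate all-zero or out-of-range signature can slip through.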
stellar-legacy.net XSS vulnerability
Open Bug Bounty ID: OBB-79034. Affected website: stellar-legacy.net. Vulnerable application: Custom Code. Vulnerability type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Remediation guide: OWASP XSS Prevention Cheat...
CVE-2011-0543
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack...
security flaw
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...