Lucene search
K

5808 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 5:17 p.m.17 views

CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 5:17 p.m.37 views

CVE-2026-6659 Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

0.00447EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 3:16 p.m.14 views

UBUNTU-CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Apache::Session::Generate::MD5 安全漏洞

Apache::Session::Generate::MD5 is a session management module provided by the Apache Foundation. Versions of Apache::Session::Generate::MD5 prior to 1.94 contained security vulnerabilities. These vulnerabilities stemmed from the recreation of deleted sessions, which could lead to the restoration ...

9.1CVSS5.8AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for...

7.5CVSS6AI score0.00447EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function fo...

9.4CVSS6.1AI score0.00443EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/07 7:8 p.m.8 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 8:23 a.m.10 views

CLSA-2026-1778142227 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

8.7CVSS6.1AI score0.00921EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 5:6 a.m.11 views

MGASA-2026-0111 Updated nginx packages fix security vulnerabilities

Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...

8.8CVSS7.5AI score0.21621EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 7:35 p.m.12 views

GHSA-2CWR-GCF9-PVXR Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/05 8:41 a.m.12 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.15 views

SUSE CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

4.8CVSS5.8AI score0.00162EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 5:45 a.m.77 views

CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

3.7CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 5:45 a.m.2 views

CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 5:41 a.m.37 views

CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:41 a.m.6 views

CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

mutt 安全漏洞

Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 had security vulnerabilities, which stemmed from sometimes using strfcpy instead of memcpy for the IMAP authcram MD5 digest...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

JeeSite 路径遍历漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...

9.6CVSS5.9AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder