Lucene search
K

18 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 5:36 p.m.83 views

vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.5AI score0.01014EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 12:9 a.m.10 views

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

7.5CVSS5.7AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46052

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses the EVP BytesToKey key derivation function with MD5 and a single iteration for AES encryption. MD5 is a cryptographic hash function that is no longer secure, and the use of a...

5.8AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:16 p.m.14 views

CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

8CVSS0.00322EPSS
Exploits0References9
CVE
CVE
added 2026/05/27 12:23 p.m.73 views

CVE-2026-42789

The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...

8CVSS5.9AI score0.00322EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43712

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 26.2.5.20 Erlang OTP versions 27.x prior to 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.1 Erlang OTP versions 29.x prior to 29.0.1 public key versions 0.22 through 1.15.1.6 public key versions 1.17.x pri...

8CVSS5.9AI score0.00322EPSS
Exploits0References40
Github Security Blog
Github Security Blog
added 2026/05/06 6:42 p.m.8 views

Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates

Summary Kimai's Twig sandbox StrictPolicy, used for admin-uploaded invoice and export templates allow-lists the config Twig function with no key filtering. configname delegates to App\Configuration\SystemConfiguration::find$name, which returns arbitrary entries from the flattened kimai.config...

5.9AI score
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/05 10:16 p.m.12 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS0.00308EPSS
Exploits1References1
NVD
NVD
added 2026/02/10 6:16 p.m.7 views

CVE-2026-26003

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS0.0023EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/11/21 10:4 p.m.4 views

CVE-2025-11935

With TLS 1.3 pre-shared key PSK a malicious or faulty server could ignore the request for PFS perfect forward secrecy and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...

7.5CVSS6.7AI score0.00204EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.6 views

Evope 1.1.3.20 Hardcoded Cryptographic Key

The component Evope Core in Evope version 1.1.3.20 uses a hardcoded cryptographic key, which means that encryption/decryption keys are permanently embedded in the source code, rather than being securely managed. This creates a critical security flaw because anyone who gains access to or...

7.1AI score0.00133EPSS
Exploits0
OSV
OSV
added 2023/09/20 1:15 p.m.2 views

DEBIAN-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS6.7AI score0.02626EPSS
Exploits0References1
OSV
OSV
added 2023/09/20 1:15 p.m.3 views

ALPINE-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS7AI score0.02626EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.5 views

PT-2023-5449 · Isc +12 · Bind 9 +12

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.2.0 through 9.16.43 BIND 9 versions 9.18.0 through 9.18.18 BIND 9 versions 9.19.0 through 9.19.16 BIND 9 versions 9.9.3-S1 through 9.16.43-S1 BIND 9 versions 9.18.0-S1 through 9.18.18-S1 Description: The code that processes...

7.8CVSS6.5AI score0.99995EPSS
Exploits1References151
OSV
OSV
added 2021/09/16 1:15 p.m.4 views

CVE-2021-34571

Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM...

6.5CVSS6.6AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2020/06/29 6:15 p.m.5 views

UBUNTU-CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...

5.9CVSS6.2AI score0.03146EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/08/08 4:14 p.m.8 views

kernel: crypto: GPF in lrw_crypt caused by null-deref

The lrwcrypt function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept2 system call for AFALG socket without calling setkey first to set a cipher key...

5.5CVSS7.1AI score0.00504EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/02/20 12:0 a.m.5 views

PT-2016-4081 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.4.2 Description: The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This occurs when a crafted application does not supply a key, related ...

10CVSS7.4AI score0.80855EPSS
Exploits122References543
Rows per page
Query Builder