10 matches found

ATTACKERKB
added 2026/04/07 6:13 p.m. | 3 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

CVSS 9.3 | AI score 5.9 | EPSS 0.0027
Exploits: 1 | References: 2 | Affected Software: 1

SUSE CVE
added 2026/03/27 11:36 a.m. | 5 views

SUSE CVE-2014-125112

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allow remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 have a security vulnerability that allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

CVSS 9.8 | AI score 6.4 | EPSS 0.0083
Exploits: 0 | References: 3

OSV
added 2026/02/26 7:35 p.m. | 5 views

GHSA-PPWX-5JQ7-PX2W Fleet: Device lock PIN can be predicted if lock time is known

Summary: Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact: Fleet’s...

CVSS 4.1 | AI score 5.7 | EPSS 0.00124
Exploits: 0 | References: 4

Snyk
added 2026/02/17 9:34 p.m. | 2 views

Authentication Bypass Using an Alternate Path or Channel

Overview: @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacke...

CVSS 9.8 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2

Snyk
added 2026/02/17 9:34 p.m. | 6 views

Authentication Bypass Using an Alternate Path or Channel

Overview: @openclaw/zalo is an OpenClaw Zalo channel plugin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can impersonate authorize...

CVSS 9.8 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2

Snyk
added 2026/02/17 9:34 p.m. | 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview: @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can...

CVSS 9.8 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2

OSV
added 2026/01/16 11:16 a.m. | 6 views

CVE-2025-59870

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk...

CVSS 9.8 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-25989

Impact: Some specific (1 out of 256) User Supplied Secrets (USS) were not used, making the resulting Compound Device Identifier (CDI) the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches: Upgrade to v1.3.0. NOTE WELL: For the affected e...

CVSS 4.7 | AI score 6 | EPSS 0.00246
Exploits: 1 | References: 10

CVE
added 2024/04/23 5:38 p.m. | 83 views

CVE-2024-32482

The CVE-2024-32482 concerns the Tillitis TKey Signer device application (ed25519 signer). A vulnerability can disclose portions of the TKey’s data in RAM over the USB interface when the device is touched and a custom client is used. No secret is disclosed. Exploitation requires local access via U...

CVSS 2.2 | AI score 6.5 | EPSS 0.00115
Exploits: 0 | References: 2

Positive Technologies
added 2014/01/01 12:0 a.m. | 10 views

PT-2026-28191

Name of the Vulnerable Software and Affected Versions: Plack::Middleware::Session::Cookie versions through 0.21. Description: Plack::Middleware::Session::Cookie versions through 0.21 allow remote code execution. The issue occurs during deserialization of cookie data when no secret is used to sign t...

CVSS 9.8 | AI score 6.4 | EPSS 0.0083
Exploits: 0 | References: 7