
24 matches found

EUVD
added 2026/04/21 3:13 p.m. | 2 views

EUVD-2026-23972

Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints...

CVSS 6.9 | AI score 5.8 | EPSS 0.00043
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/31 10:4 a.m. | 2 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/14 1:28 a.m. | 5 views

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVSS 7.3 | AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/12 11:39 p.m. | 6 views

CVE-2025-40905

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/09/16 5:5 p.m. | 3 views

Malicious code in @hestjs/scalar (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36a72c3f3f21fe3a00bb733bb8c5470311fe9906143d0e0d76b110a75451085 Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6

Cvelist
added 2025/04/26 12:0 a.m. | 10 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

CVSS 3.1 | EPSS 0.00061
Exploits: 1 | References: 3

OSV
added 2025/03/26 11:15 a.m. | 1 view

DEBIAN-CVE-2025-27552

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...

CVSS 4 | AI score 4.9 | EPSS 0.00022
Exploits: 0 | References: 1

CNNVD
added 2023/08/15 12:0 a.m. | 2 views

Broadcom RAID Controller Security Vulnerability

The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation USA. A security vulnerability exists in the Broadcom RAID Controller that stems from an insecure HTTP configuration in the web interface that prevents the protection of cookies with the Secure attribute...

CVSS 9.8 | AI score 6.8 | EPSS 0.00106
Exploits: 0 | References: 2

SUSE CVE
added 2023/03/07 3:13 a.m. | 1 view

SUSE CVE-2023-26604

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less...

CVSS 7.8 | AI score 7.1 | EPSS 0.05624
Exploits: 4 | References: 10

SUSE CVE
added 2023/02/15 4:32 a.m. | 0 views

SUSE CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...

CVSS 7.5 | AI score 8.4 | EPSS 0.01419
Exploits: 0 | References: 4

NVD
added 2023/02/09 5:15 p.m. | 10 views

CVE-2023-22606

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 6.5
Exploits: 0

Tenable Nessus
added 2019/03/27 12:0 a.m. | 43 views

openSUSE Security Update : Chromium (openSUSE-2019-559)

This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...

CVSS 8.8 | AI score 8 | EPSS 0.01904
Exploits: 0 | References: 29

OPENSUSE Linux
added 2018/07/29 12:7 a.m. | 47 views

Security update for Chromium (important)

This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530: - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC -...

CVSS 4.3 | AI score 0.6 | EPSS 0.01904
Exploits: 0 | References: 1

The Hacker News
added 2018/07/24 7:13 p.m. | 146 views

From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'

Starting today with the release of Chrome 68, Google Chrome prominently marks all non-HTTPS websites as 'Not Secure' in its years-long effort to make the web a more secure place for Internet users. So if you are still running an insecure HTTP (Hypertext Transfer Protocol) website, many of your...

AI score 6.4
Exploits: 0

The Hacker News
added 2018/07/24 7:13 p.m. | 1 view

From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'

Starting today with the release of Chrome 68, Google Chrome prominently marks all non-HTTPS websites as 'Not Secure' in its years-long effort to make the web a more secure place for Internet users. So if you are still running an insecure HTTP (Hypertext Transfer Protocol) website, many of your...

AI score 6.2
Exploits: 0

Google Chrome Security Advisories
added 2018/07/24 12:0 a.m. | 51 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 68 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 68.0.3440.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS 9.6 | AI score 8.7 | EPSS 0.01904
Exploits: 0 | Affected Software: 1

HackRead
added 2017/09/18 5:45 p.m. | 45 views

Google Chrome Will Mark FTP Resources As “Not Secure”

By Uzair Amir It seems like Google is making some serious changes in This is a post from HackRead.com Read the original post: Google Chrome Will Mark FTP Resources As Not Secure...

AI score 7
Exploits: 0

ThreatPost
added 2017/09/01 11:30 a.m. | 10 views

On the Onliner Spambot, WireX, and Sarahah

Mike Mimoso and Chris Brook discuss the news of the week, including the Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more. Download: ThreatpostNewsWrapSeptember12017.mp3 Music by Chris Gonsalves Show notes: Google Reminding Admins HTT...

AI score 0.1
Exploits: 0 | References: 9

ThreatPost
added 2017/04/27 2:27 p.m. | 11 views

Chrome to Mark More HTTP Pages 'Not Secure'

Google began in January flashing warnings in the Chrome address bar that a page was “Not Secure” if password or payment card data fields were present. “Since the change in Chrome 56, there has been a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card...

Exploits: 0 | References: 8

The Hacker News
added 2016/09/08 8:38 p.m. | 14 views

Google Chrome to Label Sensitive HTTP Pages as "Not Secure"

Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security. Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit car...

AI score 6.4
Exploits: 0