Lucene search
+L

728348 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
NVD
NVD
added 2 hours ago6 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
GithubExploit
GithubExploit
added 2 hours ago8 views

Exploit for CVE-2026-60137

CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...

9.8CVSS6.9AI score
Exploits15
GithubExploit
GithubExploit
added 2 hours ago6 views

Exploit for CVE-2026-63030

wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...

9.8CVSS6.2AI score
Exploits15
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-9323 Insecure PRNG and Information Exposure in urwid Web Display Backend

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS6AI score
Exploits0References7
CVE
CVE
added 2 hours ago6 views

CVE-2026-9323

The CVE-2026-9323 issue affects the urwid web display backend (urwid/display/web.py), where web session IDs (urwid_id) are created by concatenating two random.randrange(10**9) calls that rely on Python’s Mersenne Twister PRNG. This is not cryptographically secure. An observer collecting ~334 sess...

9.2CVSS6AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-45381

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS6AI score
Exploits0References6
CVE
CVE
added 2 hours ago5 views

CVE-2026-11826

OpenPLC_v3 has a heap-based buffer overflow in getData() within webserver/core/modbus_master.cpp. getData() copies data between delimiters into a caller-supplied buffer without size/bounds checks. parseConfig() uses a 100-byte heap-allocated MB_device.dev_name; an authenticated user can POST an o...

8.8CVSS5.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS5.8AI score
Exploits0References5
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-11826 OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-45380

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS5.8AI score
Exploits0References4
GithubExploit
GithubExploit
added 5 hours ago17 views

Exploit for Missing Authentication for Critical Function in Splunk

Splunk Enterprise — CVE-2026-20253 Training Lab Splunk En...

9.8CVSS6.9AI score0.88171EPSS
Exploits6
GithubExploit
GithubExploit
added 6 hours ago16 views

terminal-poc-corpus

terminal-poc-corpus A defensive, machine-readable corpus...

5.4AI score
Exploits0
OSV
OSV
added 6 hours ago8 views

RHSA-2026:39188 Red Hat Security Advisory: Red Hat JBoss Web Server 7.0.0 security release

Bulletin has no description...

7.5CVSS5.1AI score0.21691EPSS
Exploits8References54
NVD
NVD
added 7 hours ago5 views

CVE-2026-47867

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in...

8.7CVSS
Exploits0References1
NVD
NVD
added 7 hours ago4 views

CVE-2026-47869

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1...

8.7CVSS
Exploits0References1
NVD
NVD
added 7 hours ago6 views

CVE-2026-47870

VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1 through...

7.1CVSS
Exploits0References1
NVD
NVD
added 7 hours ago5 views

CVE-2026-47871

VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed...

8.8CVSS
Exploits0References1
NVD
NVD
added 7 hours ago6 views

CVE-2026-47865

VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism. Affected versions: 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7...

9.8CVSS
Exploits0References1
Rows per page
Query Builder