728348 matches found
CVE-2026-9323
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
Exploit for CVE-2026-60137
CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...
Exploit for CVE-2026-63030
wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...
CVE-2026-9323 Insecure PRNG and Information Exposure in urwid Web Display Backend
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-9323
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-9323
The CVE-2026-9323 issue affects the urwid web display backend (urwid/display/web.py), where web session IDs (urwid_id) are created by concatenating two random.randrange(10**9) calls that rely on Python’s Mersenne Twister PRNG. This is not cryptographically secure. An observer collecting ~334 sess...
EUVD-2026-45381
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-11826
OpenPLC_v3 has a heap-based buffer overflow in getData() within webserver/core/modbus_master.cpp. getData() copies data between delimiters into a caller-supplied buffer without size/bounds checks. parseConfig() uses a 100-byte heap-allocated MB_device.dev_name; an authenticated user can POST an o...
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2026-11826 OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
EUVD-2026-45380
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
Exploit for Missing Authentication for Critical Function in Splunk
Splunk Enterprise — CVE-2026-20253 Training Lab Splunk En...
terminal-poc-corpus
terminal-poc-corpus A defensive, machine-readable corpus...
RHSA-2026:39188 Red Hat Security Advisory: Red Hat JBoss Web Server 7.0.0 security release
Bulletin has no description...
CVE-2026-47867
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in...
CVE-2026-47869
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1...
CVE-2026-47870
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1 through...
CVE-2026-47871
VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed...
CVE-2026-47865
VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism. Affected versions: 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7...