Lucene search
K

3172 matches found

Cvelist
Cvelist
added yesterday20 views

CVE-2026-61500 Rejetto HFS < 3.2.1 Session Forgery via Predictable Signing Key

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00128EPSS
Exploits1References6
CVE
CVE
added 5 days ago14 views

CVE-2026-58198

ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42685

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS0.00128EPSS
Exploits1References3
CVE
CVE
added 2026/07/07 5:24 a.m.16 views

CVE-2026-57869

CVE-2026-57869 affects MicroRealEstate up to version 1.0.0-alpha3. The vulnerability stems from broken object-level access controls and a deterministic pattern used in random ID generation, enabling attackers to access documents uploaded by landlords or tenants without authorization. The availabl...

7.1CVSS6AI score0.00215EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-38968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak...

9.8CVSS6AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:16 p.m.4 views

UBUNTU-CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS6AI score0.00379EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41260

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the appointmentkey parameter due to the appointment editkey — the sole authorization token consumed by tryCance...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 12:0 a.m.18 views

CVE-2026-38968

ntopng (through 6.6) is reported vulnerable to a Predictable Session Identifier flaw. The issue occurs in HTTPsession creation within src/HTTPserver.cpp, where time-seeded pseudo-randomness can yield deterministic or colliding cookies, enabling session hijacking under attacker-controlled timing. ...

9.8CVSS5.8AI score0.00379EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.47 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55303

Name of the Vulnerable Software and Affected Versions ntopng versions prior to 6.7 Description Predictable session identifiers can lead to session hijacking. The issue occurs because HTTP session identifiers in the src/HTTPserver.cpp file use weak time-seeded pseudo-randomness during session...

9.8CVSS5.9AI score0.00379EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS6AI score0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 11:58 a.m.21 views

CVE-2026-53903

CVE-2026-53903 affects MCO via the insecure endpoint /customer/servlet/mco/webapi/trading-document/fetchPdfStatement. The underlying issue is an IDOR: the app does not properly validate that an authenticated user is authorized to access a requested document, allowing retrieval based on a user-sup...

8.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 8:16 a.m.4 views

UBUNTU-CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 6:46 a.m.37 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 6:46 a.m.7 views

EUVD-2026-40927

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References2
Rows per page
Query Builder