EUVD-2026-30736

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

OpenML Frontend 安全漏洞

OpenML Frontend is an OpenML Frontend page from OpenML Open Source. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from the use of predictable MD5-based tokens that could lead to account takeover...

EUVD-2024-42303

Malicious code in bioql PyPI...

CVE-2025-25183 vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

GHSA-RM76-4MRF-V9R8 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

Summary Maliciously constructed prompts can lead to hash collisions, resulting in prefix cache reuse, which can interfere with subsequent responses and cause unintended behavior. Details vLLM's prefix caching makes use of Python's built-in hash function. As of Python 3.12, the behavior of hashNon...

CVE-2024-47188

Suricata (IDS/IPS/NSM engine) is affected by CVE-2024-47188 and related 7.x/8.x issues. PTSecurity entries describe heap overflow in logging verdict information (eve.alert/eve.drop) for Suricata versions prior to 7.0.13 and prior to 8.0.2, potentially crashing the process. A workaround mentioned ...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as it was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large...

SUSE SLED11 / SLES11 Security Update : mono-core (SUSE-SU-2016:0257-1)

mono-core was updated to fix the following vulnerabilities : - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation bsc958097 - CVE-2012-3543: Remote attackers could cause a denial of service throu...

Amazon Linux: Security Advisory (ALAS-2012-37)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-52)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-88-1 : ruby1.8 security update

This update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900...

DLA-88-1 ruby1.8 - security update

Bulletin has no description...

Fedora 20 : jansson-2.6-1.fc20 (2014-3778)

Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

Ubuntu: Security Advisory (USN-1733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)

IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to...