Lucene search
K

9430 matches found

Nuclei
Nuclei
added yesterday20 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6AI score0.00713EPSS
Exploits1
Nuclei
Nuclei
added yesterday12 views

PSW Front-end Login & Registration 1.13 - Weak Password Recovery

PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...

9.8CVSS7.2AI score0.21914EPSS
Exploits3References5
NVD
NVD
added yesterday6 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

0.00209EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00209EPSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-14570

CVE-2026-14570 affects Crypt::DSA for Perl prior to 1.22. The root cause is a biased random generator in Crypt::DSA::Util::makerandom that fixes the top bit of the produced N-bit values, making signing nonces non-uniform and enabling private-key recovery. An attacker collecting a modest number of...

5.9AI score0.00209EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday22 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

0.00209EPSS
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-41713

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00209EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41430

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-14191

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40869

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.4AI score0.1308EPSS
Exploits1References2
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00286EPSS
Exploits0References2
CVE
CVE
added 5 days ago72 views

CVE-2026-14191

CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...

7.8CVSS5.8AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-54451

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.23 UnRAR versions prior to 7.23 Description An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser within the RecVolumes5::ReadHeader function in recvol5.cpp. The issue occurs because the RecItems...

7.8CVSS7AI score0.00286EPSS
Exploits0References10
Rows per page
Query Builder