Lucene search
K

128 matches found

NVD
NVD
added 2026/07/01 3:16 p.m.10 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 1:45 p.m.7 views

EUVD-2026-40995

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 1:45 p.m.25 views

CVE-2026-13602

The CVE-2026-13602 issue describes a session‑takeover chain affecting multiple payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) and core features. A code path transports session parameters via URL b...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 1:45 p.m.4 views

CVE-2026-13602 Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/16 2:23 a.m.14 views

SUSE CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.11 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.22 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 4:16 p.m.9 views

UBUNTU-CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 2:41 p.m.30 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:41 p.m.11 views

EUVD-2026-36456

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 2:41 p.m.35 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:41 p.m.11 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.2AI score0.00305EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-9638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable a...

7.5CVSS6.1AI score0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

389 Directory Server 数字错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a numerical error vulnerability, which stems from the SMD5 password storage plugin executing an unsigned integer underflow when calculating...

6.5CVSS5.5AI score0.00282EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the use of static, hard-code...

9.8CVSS5.4AI score0.00121EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/08 1:27 p.m.13 views

Use Of Predictable Salt

jasypt-spring-boot is vulnerable to Use of Predictable Salt. The vulnerability is due to the getSecretKeySaltGenerator implementation in SimpleGCMConfig.java, which can generate predictable salts for password hashing operations. This reduces the effectiveness of the one-way hash and may allow...

6.3CVSS5.4AI score0.00202EPSS
Exploits0References2Affected Software2
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Issue Correction: Run dnf update perl-Crypt-PasswdMD5...

7.5CVSS5.4AI score0.00447EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

7.5CVSS5.5AI score0.00447EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.17 views

Amazon Linux 2 : perl-Crypt-PasswdMD5, --advisory ALAS2-2026-3343 (ALAS-2026-3343)

The version of perl-Crypt-PasswdMD5 installed on the remote host is prior to 1.3-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3343 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function ...

7.5CVSS5.5AI score0.00447EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2023 : perl-Crypt-PasswdMD5 (ALAS2023-2026-1796)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1796 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Tenable has extract...

7.5CVSS5.5AI score0.00447EPSS
Exploits0References4
Rows per page
Query Builder