Lucene search
K

360 matches found

Snyk
Snyk
added 2026/07/01 8:44 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...

8.3CVSS6AI score0.00506EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40291

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-10512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-316 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

Summary utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details utils.py getsharedsecret: def getsharedsecret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...

9.8CVSS7.3AI score0.03948EPSS
Exploits6References7
NVD
NVD
added 2026/06/25 8:17 p.m.6 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:58 p.m.7 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS5.9AI score0.00263EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:58 p.m.22 views

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:58 p.m.7 views

EUVD-2026-39552

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS5.9AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:58 p.m.24 views

CVE-2026-10512

The CVE-2026-10512 issue affects the X25519 x86_64 assembly implementation, where the final modular reduction fails to clear the most significant bit, leaving the 255-bit field element non-canonical. Consequently, the computed result from scalar multiplication may be incorrect, potentially yieldi...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The X25519 x86 64 assembly implementation fails to clear the most significant bit during the final modular reduction. This occurs because the final...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 2:17 p.m.11 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:38 p.m.16 views

CVE-2026-6673

Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x

6.4CVSS6AI score0.00177EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:38 p.m.11 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/20 7:16 p.m.12 views

CVE-2026-56345

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS0.00295EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.11 views

CVE-2026-56345

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6AI score0.00295EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38132

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 9:20 a.m.8 views

CVE-2026-50214 Shared Secret Quota Inflation

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

9.3CVSS5.9AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 6:16 p.m.18 views

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.9CVSS0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.8AI score0.00137EPSS
Exploits0References2
Rows per page
Query Builder