11 matches found

Cvelist
added 2026/06/08 10:15 a.m. · 39 views

CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be launched remotely. The attack requires ...

5 CVSS · 0.00197 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2026/06/08 10:15 a.m. · 5 views

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be launched remotely. The attack requires ...

5 CVSS · 5.2 AI score · 0.00197 EPSS
Exploits 0 · References 7 · Affected Software 8
EUVD
added 2026/06/07 1:15 a.m. · 10 views

EUVD-2026-34978

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5 CVSS · 5.1 AI score · 0.01073 EPSS
Exploits 0 · References 5
Github Security Blog
added 2026/03/25 10:0 p.m. · 7 views

Saloon has a Fixture Name Path Traversal Vulnerability

Impact: Users with MockResponse fixtures that use path traversal. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description: Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...

9.3 CVSS · 5.8 AI score · 0.00566 EPSS
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2026/01/27 7:4 p.m. · 5 views

Use of Cache Containing Sensitive Information

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...

6.9 CVSS · 5.9 AI score · 0.00457 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/01/08 12:0 a.m. · 6 views

PT-2026-2197

Name of the Vulnerable Software and Affected Versions: Handmade Framework versions through 3.9. Description: The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...

7.5 CVSS · 6.4 AI score · 0.00383 EPSS
Exploits 0 · References 5
SUSE CVE
added 2026/01/06 12:27 a.m. · 7 views

SUSE CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6 CVSS · 6.8 AI score · 0.00094 EPSS
Exploits 0 · References 2
Cvelist
added 2025/12/17 8:20 p.m. · 24 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6 CVSS · 0.00094 EPSS
Exploits 0 · References 3
Snyk
added 2025/12/02 6:40 a.m. · 1 view

Session Fixation

Overview: Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework. Affected versions of this package are vulnerable to Session Fixation. The session authentication helper fails to clear session...

9.3 CVSS · 7 AI score
Exploits 0 · References 3
Snyk
added 2025/11/24 11:34 p.m. · 1 view

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9 CVSS · 6.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2021/11/15 12:0 a.m. · 16 views

PT-2021-23224 · Rubygems · Rails Multisite

Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4. Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...

8.8 CVSS · 8.6 AI score · 0.00608 EPSS
Exploits 0 · References 9