Monthly
Coredns versions up to 1.14.2 contains a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).
Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Coredns versions up to 1.14.2 contains a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).
Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.