CVE-2026-11832

Publié : 15 juin 2026

Modifié : 15 juin 2026

Description détaillée

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Références et Patchs

https://datatracker.ietf.org/doc/html/rfc5849#section-3.3 https://datatracker.ietf.org/doc/html/rfc5849#section-4.9 https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes https://www.cve.org/CVERecord?id=CVE-2025-22376

Dernières Vulnérabilités

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.

VOIR DÉTAILS

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

VOIR DÉTAILS

CVE-2026-9262

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier

VOIR DÉTAILS