69 matches found
CVE-2026-41244
Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...
CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...
CVE-2026-3288
creationtimestamp| type| source ---|---|--- 2026-03-10 14:35:26+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/kubernetes-security-advisory-av26-208 2026-03-10 16:00:36+00:00| seen| https://gist.github.com/ichintu/18b9a09140a4dbb6aab50fdd24d38fb4 2026-03-17 15:07:42+00:00| seen|...
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
Impact Timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 is affected by a directory traversal flaw in cgi-bin/certsupload.cgi that allows uploading files via the ../ sequence, enabling code execution. Concrete details across multiple sources confirm the vulnerable component and the root cause (certsupload.c...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68915
Riello UPS NetMan 208 Application prior to 1.12 is affected by a cross-site scripting (XSS) vulnerability in the CGI script cgi-bin/loginbanner_w.cgi, exploitable via a crafted banner. The issue arises from the loginbanner_w.cgi component and can lead to script execution within the context of the...
CVE-2025-68914
The CVE-2025-68914 entry describes a SQL injection in Riello UPS NetMan 208 Application before 1.12 via cgi-bin/login.cgi username, enabling manipulation such as deleting LOGINFAILEDTABLE. Affected product: Riello UPS NetMan 208 Application (versions
Riello UPS NetMan 208 SQL注入漏洞
Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A SQL injection vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which originates from the presence of SQL injection in cgi-bin/login.cgi, which may result in table deletion...
Riello UPS NetMan 208 安全漏洞
Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A security vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of directory traversal in cgi-bin/certsupload.cgi, which could lead to file uploads and code execution...
Riello UPS NetMan 208 跨站脚本漏洞
Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A cross-site scripting vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of cross-site scripting in cgi-bin/loginbannerw.cgi, which could lead to the execution of malicious...