
69 matches found

NVD
added 2026/04/24 8:16 p.m. | 11 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

CVSS 4.7 | EPSS 0.00108
Exploits: 0 | References: 1
Cvelist
added 2026/04/10 8:24 p.m. | 30 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

CVSS 3.7 | EPSS 0.00334
Exploits: 0 | References: 5
Circl
added 2026/03/10 2:35 p.m. | 6 views

CVE-2026-3288

creationtimestamp | type | source
---|---|---
2026-03-10 14:35:26+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/kubernetes-security-advisory-av26-208
2026-03-10 16:00:36+00:00 | seen | https://gist.github.com/ichintu/18b9a09140a4dbb6aab50fdd24d38fb4
2026-03-17 15:07:42+00:00 | seen | ...

CVSS 8.8 | AI score 7.3 | EPSS 0.06669
Exploits: 1 | References: 8
Github Security Blog
added 2026/01/21 10:27 p.m. | 9 views

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Impact: Timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...

CVSS 3.7 | AI score 5.6 | EPSS 0.00254
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/12/25 8:19 p.m. | 15 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

CVSS 5.5 | AI score 6.1 | EPSS 0.00167
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/25 8:18 p.m. | 14 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 6.5 | AI score 7.5 | EPSS 0.00188
Exploits: 1 | References: 1
NVD
added 2025/12/24 8:16 p.m. | 7 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 6.5 | EPSS 0.00188
Exploits: 1 | References: 1
NVD
added 2025/12/24 8:16 p.m. | 6 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

CVSS 9.1 | EPSS 0.02251
Exploits: 1 | References: 1
OSV
added 2025/12/24 8:16 p.m. | 7 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 5.3 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1
OSV
added 2025/12/24 8:16 p.m. | 6 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

CVSS 4.8 | AI score 5.8 | EPSS 0.00167
Exploits: 1 | References: 1
OSV
added 2025/12/24 8:16 p.m. | 11 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

CVSS 7.2 | AI score 5.9 | EPSS 0.02251
Exploits: 1 | References: 1
NVD
added 2025/12/24 8:16 p.m. | 6 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

CVSS 5.5 | EPSS 0.00167
Exploits: 1 | References: 1
Cvelist
added 2025/12/24 7:43 p.m. | 26 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

CVSS 9.1 | EPSS 0.02251
Exploits: 1 | References: 1
CVE
added 2025/12/24 7:43 p.m. | 15 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 is affected by a directory traversal flaw in cgi-bin/certsupload.cgi that allows uploading files via the ../ sequence, enabling code execution. Concrete details across multiple sources confirm the vulnerable component and the root cause (certsupload.c...

CVSS 9.1 | AI score 7.3 | EPSS 0.02251
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/24 7:40 p.m. | 25 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

CVSS 5.5 | EPSS 0.00167
Exploits: 1 | References: 1
CVE
added 2025/12/24 7:40 p.m. | 15 views

CVE-2025-68915

Riello UPS NetMan 208 Application prior to 1.12 is affected by a cross-site scripting (XSS) vulnerability in the CGI script cgi-bin/loginbanner_w.cgi, exploitable via a crafted banner. The issue arises from the loginbanner_w.cgi component and can lead to script execution within the context of the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00167
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2025/12/24 7:37 p.m. | 14 views

CVE-2025-68914

The CVE-2025-68914 entry describes a SQL injection in Riello UPS NetMan 208 Application before 1.12 via cgi-bin/login.cgi username, enabling manipulation such as deleting LOGINFAILEDTABLE. Affected product: Riello UPS NetMan 208 Application (versions

CVSS 6.5 | AI score 7.2 | EPSS 0.00188
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/12/24 12:0 a.m. | 5 views

Riello UPS NetMan 208 SQL Injection Vulnerability

Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A SQL injection vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which originates from the presence of SQL injection in cgi-bin/login.cgi, which may result in table deletion...

CVSS 6.5 | AI score 7.8 | EPSS 0.00188
Exploits: 1 | References: 2
CNNVD
added 2025/12/24 12:0 a.m. | 3 views

Riello UPS NetMan 208 Security Vulnerability

Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A security vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of directory traversal in cgi-bin/certsupload.cgi, which could lead to file uploads and code execution...

CVSS 9.1 | AI score 7.2 | EPSS 0.02251
Exploits: 1 | References: 2
CNNVD
added 2025/12/24 12:0 a.m. | 3 views

Riello UPS NetMan 208 Cross-Site Scripting Vulnerability

Riello UPS NetMan 208 is a network management card from Riello UPS, Italy. A cross-site scripting vulnerability exists in Riello UPS NetMan 208 versions prior to 1.12, which stems from the presence of cross-site scripting in cgi-bin/loginbannerw.cgi, which could lead to the execution of malicious...

CVSS 5.5 | AI score 6.1 | EPSS 0.00167
Exploits: 1 | References: 2