Github Security Blog
added 2026/05/06 11:16 p.m. · 2 views

axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

AI score: 5.8
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2026/02/17 9:29 p.m. · 4 views

Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!(digest, expected_digest) treated expected_digest as a pattern binding rather than a value comparison,...

CVSS: 7.5 · AI score: 5.6 · EPSS: 0.0002
Exploits: 0 · References: 7 · Affected Software: 1
Snyk
added 2025/05/22 7:01 p.m. · 0 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...

CVSS: 6.3 · AI score: 6.9
Exploits: 0 · References: 3
Positive Technologies
added 2024/06/06 12:00 a.m. · 2 views

PT-2024-34569 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240310 Description: A timing attack vulnerability exists in the password comparison logic of the gaizhenbiao/chuanhuchatgpt repository. The vulnerability arises from the use of the '=' operator in Python f...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.46131
Exploits: 1 · References: 10
Positive Technologies
added 2024/02/10 12:00 a.m. · 1 view

PT-2024-21109 · Rhonabwy +1 · Rhonabwy +1

Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 1.1.13 and earlier Description: The issue is related to HMAC signature verification, which uses a strcmp function. This function is vulnerable to side-channel attacks because it stops the comparison when the first difference...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.0019
Exploits: 0 · References: 15
Positive Technologies
added 2022/10/19 12:00 a.m. · 2 views

PT-2022-26896 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.35 and earlier Description: The issue is related to a non-constant time comparison function used when checking the equality of provided and expected webhook tokens. This potentially allows attackers to use...

CVSS: 5.3 · AI score: 4.8 · EPSS: 0.00425
Exploits: 0 · References: 8