Lucene search
K

937 matches found

Nuclei
Nuclei
added 14 hours ago11 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS5.8AI score0.00635EPSS
Exploits1References2
NVD
NVD
added 5 days ago7 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 5 days ago22 views

CVE-2023-20572

CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2023-60597

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS5.9AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago19 views

CVE-2026-54573 Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS0.00285EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago10 views

Tridium Niagara Observable Discrepancy (CVE-2025-3939)

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Intel Microcode

Observable timing discrepancies in some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

3.3CVSS6.4AI score0.00383EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:19 p.m.32 views

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.4AI score0.00107EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/14 6:17 p.m.5 views

UBUNTU-CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 4:17 p.m.4 views

UBUNTU-CVE-2026-48859

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.9AI score0.00354EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/10 2:35 p.m.6 views

CVE-2026-48859

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2026-43514

A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses...

3.7CVSS5.4AI score0.00352EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 3:16 p.m.8 views

CVE-2026-6207

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
EUVD
EUVD
added 2026/06/05 1:49 p.m.9 views

EUVD-2026-34836

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.1CVSS5.3AI score
Exploits0
Cvelist
Cvelist
added 2026/06/05 1:49 p.m.35 views

CVE-2026-6207

...

Exploits0
UbuntuCve
UbuntuCve
added 2026/06/01 12:0 a.m.6 views

CVE-2026-43514

Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 9:23 p.m.11 views

EUVD-2026-33070

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 8:9 p.m.9 views

CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

6.3CVSS5.8AI score0.00232EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.15 views

Apache Tomcat 11.0.0.M1 < 11.0.22 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.22. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.22security-11 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat...

9.8CVSS6.6AI score0.01339EPSS
Exploits2References18
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux - уязвимость в nodejs

The generateKeys API function returned by crypto.createDiffieHellman only generates missing or outdated keys. In other words, it only generates a private key if none has been set yet. However, this function is also needed to compute the corresponding public key after calling setPrivateKey...

7.5CVSS6.8AI score0.01462EPSS
Exploits0References2
Rows per page
Query Builder