929 matches found
PT-2026-1067
Name of the Vulnerable Software and Affected Versions REDCap version 14.3.13 Description REDCap version 14.3.13 is affected by an issue that allows an attacker to enumerate usernames due to an observable discrepancy between login attempts. Recommendations At the moment, there is no information...
EUVD-2025-206132
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992663)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992663 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio...
CVE-2025-64765
Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-52457
CVE-2025-52457 describes an Observable Timing Discrepancy (CWE-208) in Gallagher HBUS devices that could let an attacker with physical access extract device-specific keys, potentially compromising site security. Affected: Command Centre Server, including 9.30 before vCR9.30.251028a (MR3), 9.20 be...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
CVE-2025-25236
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2019-13627)
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2023-5981)
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2020-14145)
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...
CVE-2025-25236
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...
CVE-2025-25236
Omnissa Workspace ONE UEM (affected families: 24.2.x before 24.2.0.36, 24.6.x before 24.6.0.44, or 24.10.x before 24.10.0.25) contains an observable response discrepancy vulnerability (CVE-2025-25236). The issue may allow enumeration of sensitive data such as tenant IDs and user accounts, enablin...
CVE-2025-25236
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...
CVE-2025-25236
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...
Omnissa Workspace ONE UEM 安全漏洞
Omnissa Workspace ONE UEM is an endpoint management platform from Omnissa USA. A security vulnerability exists in Omnissa Workspace ONE UEM that stems from an observable response discrepancy that could cause a malicious actor to enumerate sensitive information such as tenant IDs and user accounts...
GO-2025-4036 Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server
Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server...