Devolutions Server <= 2025.2.4.0 UI Discrepancy for Security Feature (DEVO-2025-0013) (CVE-2025-8353)
The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.4.0 and is, therefore, affected by a UI discrepancy for security feature vulnerability: - UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0...
CVE-2025-49087
A flaw was found in mbedtls. A timing vulnerability exists within the PKCS7 padding removal process for block ciphers, allowing a remote attacker to potentially recover plaintext data. This exploitation occurs through the observation of the time it takes to process a crafted ciphertext, resulting...
The vulnerability in the `arch/x86/power/cpu.c` module of the Linux kernel allows an attacker to cause a denial of service.
The vulnerability in the `arch/x86/power/cpu.c` module of the Linux kernel is related to incorrect initialization of resources due to discrepancies in values before and after hibernation. Exploiting this vulnerability can allow an attacker to cause a system failure...
CVE-2025-49087
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...
CVE-2025-49087
The issue CVE-2025-49087 affects Mbed TLS 3.6.1–3.6.3 (pre-3.6.4) and is caused by a timing discrepancy in block cipher padding removal (PKCS#7), enabling plaintext recovery. IBM’s Power Systems bulletin confirms impact on PowerVM Hypervisor and provides remediation paths: install FW1110.10 (1110...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy via userpass auth method. An attacker can enumerate valid usernames on this auth method through brute force or a list of known usernames. Workaround This issue can be partially mitigated by using rate-limit quotas...
CVE-2025-52983
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are i...
CVE-2025-52983
CVE-2025-52983 describes a UI discrepancy in Junos OS on VM Host systems (VM Host Routing Engines) that allows a network-based, unauthenticated attacker to access the device. On REs, even after removing the public key for root login, users with the corresponding private key can still log in as ro...
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...
CVE-2025-3092 MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint...
CVE-2025-0163
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...
CVE-2025-0163 IBM Security Verify Access information disclosure
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...
PT-2025-23987
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the behavior of `os.OpenFile` when the target path is a dangling symlink. On Unix systems, `os.OpenFile` with the `O_CREATE` and `O_EXCL` flags never follows symlinks. However, on...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
CVE-2024-54454
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or...
CVE-2024-13198
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...