Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/10 8:24 p.m.3 views

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00014EPSS
Exploits0References6Affected Software1
Cvelist
Cvelistadded 2026/04/10 8:24 p.m.24 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS0.00014EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2016-6374

Malware in sbrugna...

4.3CVSS4.8AI score0.00325EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2013-2042

Malware in sbrugna...

2.6CVSS6AI score0.0145EPSS
Exploits1References13
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-7518

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00323EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-5763

Malicious code in bioql PyPI...

5.1CVSS6.4AI score0.16071EPSS
Exploits0References29
Veracode
Veracodeadded 2025/06/06 6:20 a.m.4 views

Timing Side-channel Attack

signxml is vulnerable to a Timing side-channel attack. The vulnerability is due to information leakage during HMAC comparison when requirex509=False and hmackey is used, allowing attackers to infer the correct HMAC...

6.9CVSS5.8AI score0.00242EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/22 10:25 a.m.6 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.6AI score0.09816EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:6 a.m.4 views

CVE-2015-10004

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.5CVSS6.7AI score0.00323EPSS
Exploits0References1
Veracode
Veracodeadded 2024/09/02 9:15 a.m.4 views

Timing Attack

Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the isvalidhmac and isvalidhmacnotification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...

6.9AI score
Exploits0
OSV
OSVadded 2022/12/28 12:30 a.m.12 views

GHSA-5VW4-V588-PGV8 robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.5CVSS7.4AI score0.00323EPSS
Exploits0References5
NVD
NVDadded 2022/12/27 10:15 p.m.7 views

CVE-2015-10004

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.5CVSS0.00323EPSS
Exploits0References3
Prion
Prionadded 2022/12/27 10:15 p.m.11 views

Design/Logic Flaw

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

5CVSS6.9AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelistadded 2022/12/27 9:13 p.m.15 views

CVE-2015-10004 Timing side-channel in github.com/robbert229/jwt

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.4AI score0.00323EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2022/12/27 9:13 p.m.4 views

CVE-2015-10004 Timing side-channel in github.com/robbert229/jwt

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.5AI score0.00323EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2022/05/24 5:7 p.m.22 views

Non-constant time HMAC comparison

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled input value. Jenkins 2.219, LTS 2.204.2 now use...

5.3CVSS5.7AI score0.01523EPSS
Exploits0References9Affected Software1
OSV
OSVadded 2021/04/14 8:4 p.m.20 views

GO-2020-0023 Timing side-channel in github.com/robbert229/jwt

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...

7.5CVSS7.4AI score0.00323EPSS
Exploits0References2
OpenVAS
OpenVASadded 2020/02/04 12:0 a.m.59 views

Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.8CVSS5.5AI score0.45215EPSS
Exploits0References1
FreeBSD
FreeBSDadded 2020/01/29 12:0 a.m.67 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

8.6CVSS0.8AI score0.45215EPSS
Exploits0References1
OSV
OSVadded 2019/09/16 6:15 p.m.22 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.6AI score
Exploits0References5
Rows per page
Query Builder