CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/06/05 7:36 p.m.•7 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS5.5AI score0.00108EPSS

Exploits0References1

NVD•added 2026/04/24 8:16 p.m.•10 views

CVE-2026-41244

4.7CVSS0.00108EPSS

Exploits0References1

Vulnrichment•added 2026/04/24 7:11 p.m.•3 views

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

4.7CVSS5.3AI score0.00108EPSS

Exploits0References1

ATTACKERKB•added 2026/04/24 7:11 p.m.•5 views

CVE-2026-41244

4.7CVSS5.3AI score0.00108EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/24 7:11 p.m.•5 views

EUVD-2026-25610

4.7CVSS5.3AI score0.00108EPSS

Exploits0References1

Cvelist•added 2026/04/24 7:11 p.m.•27 views

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

4.7CVSS0.00108EPSS

Exploits0References1

CVE•added 2026/04/24 7:11 p.m.•16 views

CVE-2026-41244

Affected software: Mojic CLI tool. Issue: CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during decryption, causing an observable timing discrepancy (CWE-208). Impact: potential attacker could bypass the file integrity check via a timing attack. Stat...

4.7CVSS5.3AI score0.00108EPSS

Exploits0References1

CNNVD•added 2026/04/24 12:0 a.m.•8 views

Mojic 安全漏洞

Mojic is a C-language code obfuscation tool developed by Amit Dutta. Versions of Mojic prior to 2.1.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of the standard equality operator by CipherEngine to verify HMAC-SHA256 integrity checks, which could allow attacker...

4.7CVSS5.9AI score0.00108EPSS

Exploits0References1

Positive Technologies•added 2026/04/24 12:0 a.m.•4 views

PT-2026-35067

Name of the Vulnerable Software and Affected Versions Mojic versions prior to 2.1.4 Description The CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy, which is a situation where th...

4.7CVSS5.3AI score0.00108EPSS

Exploits0References4

Snyk•added 2026/04/16 9:10 p.m.•6 views

Timing Attack

Overview mojic is an Obfuscate C source code into encrypted, password-seeded emoji streams. Affected versions of this package are vulnerable to Timing Attack in the getDecryptStream process. An attacker can bypass file integrity checks by exploiting timing discrepancies in the HMAC verification,...

5.7CVSS6AI score0.00108EPSS

Exploits0References2

OSV•added 2026/04/16 9:10 p.m.•4 views

GHSA-WQQ3-WFMP-V85G Mojic: Observable Timing Discrepancy in HMAC Verification

Summary The CipherEngine in Mojic v2.1.3 uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208, allowing a potential attacker to bypass the file integrity check via a timing attack. Details...

4.7CVSS6AI score0.00108EPSS

Exploits0References3

Github Security Blog•added 2026/04/16 9:10 p.m.•7 views

Mojic: Observable Timing Discrepancy in HMAC Verification

4.7CVSS6AI score0.00108EPSS

Exploits0References3Affected Software1

Circl•added 2026/04/15 8:23 a.m.•6 views

CVE-2026-41244

creationtimestamp| type| source ---|---|--- 2026-04-15 08:23:19+00:00| published-proof-of-concept| https://github.com/notamitgamer/mojic/security/advisories/GHSA-wqq3-wfmp-v85g...

4.7CVSS5.8AI score0.00108EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by