458 matches found
EUVD-2025-9116
Malicious code in bioql PyPI...
EUVD-2024-0655
Malicious code in bioql PyPI...
EUVD-2023-59111
Malicious code in bioql PyPI...
EUVD-2021-32609
Malicious code in bioql PyPI...
SUSE CVE-2025-59350
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
Security Bulletin: IBM Sterling Connect:Express for Microsoft Windows is vulnerable to brute force password guessing attacks (CVE-2025-36064)
Summary There is a vulnerability related to brute force password guessing attacks in IBM Sterling Connect:Express for Microsoft Windows. IBM Sterling Connect:Express for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36064 DESCRIPTION: IBM Sterling...
MoPE: a Mixture of Password Experts for Improving Password Guessing
Textual passwords remain a predominant authentication mechanism in web security. To evaluate their strength, existing research has proposed several data-driven models across various scenarios. However, these models generally treat passwords uniformly, neglecting the structural differences among...
CVE-2025-59350
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
CVE-2025-59350
CVE-2025-59350 - Dragonfly : A timing-attack vulnerability in the Proxy feature’s access control (string comparison) prior to 2.1.0 enables an attacker to guess passwords by measuring response times. The issue is fixed in 2.1.0. Affected: Dragonfly, proxy access control mechanism. Mitigation: upg...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...
“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study
As if ransomware wasn’t enough of a security problem for the sector, educational institutions also need to worry about their own students, a recent study shows. Last week, the UK Information Commissioner’s Office ICO published a report about the "insider threat of students". Here are a few key...
Linux Distros Unpatched Vulnerability : CVE-2016-1927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random...
Linux Distros Unpatched Vulnerability : CVE-2020-8632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to guess...
CVE-2025-53544
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
CVE-2025-6386
The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...