Lucene search
+L

458 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-9116

Malicious code in bioql PyPI...

7CVSS6.6AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-0655

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00497EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-59111

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00975EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-32609

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0157EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/09/26 11:23 p.m.3 views

SUSE CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

5.3CVSS9.1AI score0.00315EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 4:56 p.m.3 views

Security Bulletin: IBM Sterling Connect:Express for Microsoft Windows is vulnerable to brute force password guessing attacks (CVE-2025-36064)

Summary There is a vulnerability related to brute force password guessing attacks in IBM Sterling Connect:Express for Microsoft Windows. IBM Sterling Connect:Express for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36064 DESCRIPTION: IBM Sterling...

5.9CVSS6.6AI score0.00475EPSS
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2025/09/20 12:0 a.m.40 views

MoPE: a Mixture of Password Experts for Improving Password Guessing

Textual passwords remain a predominant authentication mechanism in web security. To evaluate their strength, existing research has proposed several data-driven models across various scenarios. However, these models generally treat passwords uniformly, neglecting the structural differences among...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/19 8:37 p.m.11 views

CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS7AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/17 7:43 p.m.2 views

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS6.6AI score0.00315EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:43 p.m.21 views

CVE-2025-59350

CVE-2025-59350 - Dragonfly : A timing-attack vulnerability in the Proxy feature’s access control (string comparison) prior to 2.1.0 enables an attacker to guess passwords by measuring response times. The issue is fixed in 2.1.0. Affected: Dragonfly, proxy access control mechanism. Mitigation: upg...

6.9CVSS6.6AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/17 7:43 p.m.10 views

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 7:43 p.m.5 views

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS6.7AI score0.00315EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.10 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References6Affected Software1
Malwarebytes
Malwarebytes
added 2025/09/16 10:20 a.m.8 views

“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study

As if ransomware wasn’t enough of a security problem for the sector, educational institutions also need to worry about their own students, a recent study shows. Last week, the UK Information Commissioner’s Office ICO published a report about the "insider threat of students". Here are a few key...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random...

7.5CVSS7.4AI score0.02688EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-8632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to guess...

5.5CVSS5.8AI score0.00368EPSS
Exploits0References2
NVD
NVD
added 2025/08/05 1:15 a.m.7 views

CVE-2025-53544

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5CVSS0.00352EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/05 12:14 a.m.4 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5CVSS7.4AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2025/08/05 12:14 a.m.7 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5CVSS7AI score0.00352EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/09 10:22 a.m.8 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS7.3AI score0.00371EPSS
Exploits0References1
Rows per page
Query Builder