12 matches found
CVE-2026-47380 NocoDB: User Enumeration via Sign-In Timing
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...
EUVD-2022-5095
Malicious code in bioql PyPI...
CVE-2020-23356
dmin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...
CVE-2019-15088
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication...
ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Exploit
ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...
CVE-2020-23361
CVE-2020-23361 affects phpList 3.5.3. The root cause is type juggling: the code uses == instead of === for comparing password hashes, which mishandles hashes starting with 0e followed by only digits. This enables a login bypass under affected conditions. Connected sources indicate multiple, publi...
CVE-2019-15088
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication...
jasypt: Vulnerable to timing attack against the password hash comparison
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison...
CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison...
CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison...
CVE-2014-9970
CVE-2014-9970 affects jasypt before 1.9.2, where a timing attack can be made against password hash comparisons. The provided documents confirm the existence of this timing vulnerability but do not specify a vendor patch or fixed version within the CVE entry. The impact is described as a confident...
CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison...