Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2025/11/13 3:23 a.m.2 views

EUVD-2025-178451

Malicious code in import-abstract-nu-private-decrypt npm...

6.6AI score
Exploits0
OSV
OSVadded 2025/08/11 1:54 p.m.5 views

BIT-LIBPHP-2024-2408 PHP is vulnerable to the Marvin Attack

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS7.1AI score0.01158EPSS
Exploits1References5
SUSE CVE
SUSE CVEadded 2025/02/14 5:50 a.m.3 views

SUSE CVE-2024-2408

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS5.9AI score0.01158EPSS
Exploits1References3
BDU FSTEC
BDU FSTECadded 2024/04/10 12:0 a.m.3 views

The vulnerability of the PrivateDecrypt() function in the cryptographic library of the Node.js software platform, which allows a attacker to execute the Bleichenbacher attack or the Marvin attack.

The vulnerability of the PrivateDecrypt function in the Node.js software library is related to the use of hidden auxiliary channels due to a discrepancy in the timing of decrypting valid and invalid encrypted texts based on the PKCS1 v1.5 cryptographic standard. Exploiting this vulnerability allo...

5.9CVSS6.9AI score0.01302EPSS
Exploits0References10Affected Software6
RedHat Linux
RedHat Linuxadded 2024/04/08 8:54 a.m.2 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2024/03/25 8:29 p.m.0 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2024/02/12 12:0 a.m.4 views

PT-2024-2706

Name of the Vulnerable Software and Affected Versions: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched Description: The issue is related to the use of hidden side channels in the PrivateDecrypt function of th...

9.8CVSS7.6AI score0.87211EPSS
Exploits4References204
Rows per page
Query Builder