Lucene search
+L

222 matches found

github
github
added 2025/07/07 12:30 p.m.9 views

Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS7.4AI score0.00371EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2025/07/07 10:15 a.m.35 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

7.5CVSS0.00371EPSS
Exploits0References2
cve
cve
added 2025/07/07 9:55 a.m.46 views

CVE-2025-6386

The CVE relates to parisneo/lollms, where the authenticate_user function in lollms_authentication.py is vulnerable to a timing attack that enables username enumeration and incremental password guessing. The root cause is the use of Python’s default string equality operator, which compares charact...

7.5CVSS7.5AI score0.00371EPSS
Exploits0References2
osv
osv
added 2025/05/28 6:2 p.m.8 views

GHSA-4QJH-9FV9-R85R Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...

2.6CVSS6.9AI score0.00247EPSS
Exploits0References6
osv
osv
added 2025/05/28 5:38 p.m.5 views

GHSA-424X-CXVH-WQ9P Mautic allows user name enumeration due to response time difference on password reset form

Summary This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

5.3CVSS7.2AI score0.00267EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 9:44 a.m.18 views

CVE-2024-21671

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

3.7CVSS6.7AI score0.00398EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 9:31 a.m.6 views

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5.3CVSS6.9AI score0.00527EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 8:6 a.m.9 views

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS6.9AI score0.00552EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 3:42 a.m.17 views

CVE-2023-30458

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...

5.3CVSS6.8AI score0.00836EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 11:10 p.m.6 views

CVE-2022-36105

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...

5.3CVSS7.1AI score0.01014EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 3:44 p.m.8 views

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...

4.3CVSS6.8AI score0.0093EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:27 a.m.9 views

CVE-2019-13599

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times...

5.3CVSS6.8AI score0.03969EPSS
Exploits3References1
nessus
nessus
added 2025/05/14 12:0 a.m.7 views

Alibaba Cloud Linux 3 : 0019: gnutls (ALINUX3-SA-2024:0019)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0019 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-5981: A vulnerability was found that the...

5.9CVSS6.6AI score0.01257EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2025/05/13 12:0 a.m.6 views

Adaptive Security Policy Management in Cloud Environments Using Reinforcement Learning

The security of cloud environments, such as Amazon Web Services AWS, is complex and dynamic. Static security policies have become inadequate as threats evolve and cloud resources exhibit elasticity 1. This paper addresses the limitations of static policies by proposing a security policy managemen...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/05/01 12:0 a.m.7 views

AI-Driven IRM: Transforming Insider Risk Management with Adaptive Scoring and LLM-Based Threat Detection

Insider threats pose a significant challenge to organizational security, often evading traditional rule-based detection systems due to their subtlety and contextual nature. This paper presents an AI-powered Insider Risk Management IRM system that integrates behavioral analytics, dynamic risk...

7.1AI score
Exploits0
huntr
huntr
added 2025/03/23 5:21 p.m.9 views

Timing attacks to guess password in lollms_authentication.py

Description The authenticateuser function in /server/endpoints/lollmsauthentication.py is vulnerable to timing attacks that can be exploited to: Enumerate valid usernames. Guess passwords incrementally by analyzing response time differences. Explanation of the vulnerability def...

7.5CVSS6.9AI score0.00371EPSS
Exploits0
redhatcve
redhatcve
added 2025/03/22 12:34 p.m.10 views

CVE-2024-7779

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service ReDoS by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...

7.5CVSS6.8AI score0.00664EPSS
Exploits0References1
hackread
hackread
added 2025/03/03 4:13 p.m.3 views

How to Automate Security Questionnaires and Reduce Response Time

Security questionnaires take a lot of time and repetitively answering the same questions manually chews up business time…...

7.3AI score
Exploits0
nvd
nvd
added 2025/02/11 11:15 p.m.56 views

CVE-2024-54772

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...

5.4CVSS0.00763EPSS
Exploits2References1
cve
cve
added 2025/02/11 12:0 a.m.206 views

CVE-2024-54772

Summary: MikroTik RouterOS Winbox exposes a username-enumeration flaw due to a timing/response-size discrepancy. Affected: long-term 6.43.13–6.49.13 and stable 6.43–7.17.2; patch available in stable 6.49.18 (and upgrade to 7.18+). Practical impact: enables attackers to enumerate valid accounts. R...

5.4CVSS5.4AI score0.00763EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder