Lucene search
+L

16 matches found

OSV
OSV
added 2026/05/22 4:48 p.m.10 views

MAL-2026-4658 Malicious code in rapyd-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9b157ff532e1e7c1ccd9ae77aec9a89324f24a5a0f27c1ccd70e430f318b60 Package self-presents as a TypeScript SDK for the Rapyd fintech-as-a-service platform and links https://www.rapyd-client.net/ as if it were Rapyd's...

5.8AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mbedtls

A timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS from version 2.23.0 allows an attacker to obtain secret key information. This issue affects the CBC mode, as it involves a calculated time difference based on the padding length...

5.5CVSS6AI score0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 4:59 p.m.3 views

CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

7.4CVSS5.8AI score0.00309EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-3580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This...

4.7CVSS5.8AI score0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 6:16 p.m.11 views

CVE-2025-7432

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

1CVSS0.00137EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 6:30 p.m.13 views

GHSA-J8CM-G7R6-HFPQ vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

6.3CVSS3.4AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.8 views

PT-2024-24129 · Open Quantum Safe · Liboqs

Name of the Vulnerable Software and Affected Versions: Open Quantum Safe liboqs version 10.0 Description: An issue in Open Quantum Safe liboqs allows a remote attacker to escalate privileges via the crypto sign signature parameter in the /pqcrystals-dilithium-standard ml-dsa-44-ipd avx2/sign.c...

9.8CVSS9.4AI score0.00618EPSS
Exploits1References7
Veracode
Veracode
added 2024/01/09 6:46 a.m.10 views

Timing Attack

github.com/cloudflare/circl is vulnerable to Timing Attack. The vulnerability is caused due to arithmetic operations during ciphertext compression which leaks sensitive timing information. An attacker can learn parts of secret key by exploiting this vulnerability brute force...

6.9AI score
Exploits0
NVD
NVD
added 2024/01/03 5:15 p.m.43 views

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

6.5CVSS5.2AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.4 views

PT-2024-40389 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.6.2 Description: The issue allows an attacker to learn parts of the secret key when they can time decapsulation and forge cipher texts on certain platforms. This does not affect ephemeral usage, such as regular use...

7.1AI score
Exploits0References5
NVD
NVD
added 2023/04/21 6:15 p.m.48 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS9.1AI score0.00864EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.4 views

SUSE CVE-2020-16150

A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

5.5CVSS5.5AI score0.00368EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/20 8:15 a.m.2 views

CVE-2022-29266

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

7.5CVSS5.9AI score0.0783EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/20 12:0 a.m.5 views

PT-2022-2524 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 3.13.1 Description: The issue is related to the jwt-auth plugin of Apache APISIX, which has a security problem due to insufficient error reporting mechanisms. This can allow a remote attacker to gain unauthoriz...

7.8CVSS7.5AI score0.0783EPSS
Exploits0References8
Hacker One
Hacker One
added 2019/03/11 6:10 p.m.9 views

Omise: Public and secret api key leaked via omise github repo(owned by omise)

Found secret key of particular omise accounts! Functionality of the public and secret keys are described below: Public key The public key can be used to create tokens via javascript from your customers browsers. This key can be safely exposed to the outside world. Secret key The secret key can be...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/22 12:0 a.m.38 views

Parallels Plesk Panel 12.x Key Disclosure

While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage of the '/etc/psa/private/secretkey'-file in md5 format to non-authenticated users. Parallels responded that the 16byte 'secretkey' should provide sufficient entropy for thi...

7.4AI score
Exploits0
Rows per page
Query Builder