Lucene search
K

3242 matches found

OSV
OSV
added 2026/02/21 9:14 a.m.7 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.7AI score0.00349EPSS
Exploits1References4
OSV
OSV
added 2026/02/20 6:25 p.m.6 views

GHSA-QHP6-635J-X7R2 Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames

Summary A Timing-based username enumeration in Basic Authentication vulnerability due to early response on invalid usernames could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details SWS validates the provided username...

5.3CVSS5.9AI score0.00349EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/20 6:25 p.m.10 views

Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames

Summary A Timing-based username enumeration in Basic Authentication vulnerability due to early response on invalid usernames could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details SWS validates the provided username...

5.3CVSS5.9AI score0.00349EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-21333

Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.1.0 through 2.40.1 Description Static Web Server SWS has a timing-based username enumeration issue in Basic Authentication. The server checks if a username exists before verifying the password. Valid usernames...

5.3CVSS5.6AI score0.00349EPSS
Exploits1References14
Snyk
Snyk
added 2026/02/19 8:15 p.m.4 views

Timing Attack

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Timing Attack via the timingSafeEqual function. An attacker can infer sensitive information by performing timing analysis attacks during authentication comparisons. Remediation Upgrade ho...

6.3CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/02/19 8:15 p.m.5 views

GHSA-GQ3J-XVXP-8HRF Hono added timing comparison hardening in basicAuth and bearerAuth

Summary The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe. The timingSafeEqual function used normal string equality === when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing...

3.7CVSS5.8AI score
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/02/17 12:1 p.m.9 views

Side-Channel Attacks Against LLMs

Here are three papers describing different side-channel attacks against LLMs. "Remote Timing Attacks on Efficient Language Model Inference": Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.7 views

CVE-2026-26185

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between...

5.3CVSS5.7AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 1:15 p.m.8 views

OESA-2026-1344 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.9AI score0.09436EPSS
Exploits2References7
OSV
OSV
added 2026/02/13 1:15 p.m.12 views

OESA-2026-1343 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.9AI score0.09436EPSS
Exploits2References7
Snyk
Snyk
added 2026/02/12 10:13 p.m.8 views

Information Exposure

Overview @directus/api is a real-time API and App dashboard for managing SQL database content Affected versions of this package are vulnerable to Information Exposure via the password reset functionality. An attacker can determine the existence of user accounts by measuring response time...

6.9CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 10:13 p.m.4 views

GHSA-JR94-GJ3H-C8RF Directus Vulnerable to User Enumeration via Password Reset Timing Attack

Summary A timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. Details The password rese...

5.3CVSS5.9AI score0.00349EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/12 10:13 p.m.9 views

Directus Vulnerable to User Enumeration via Password Reset Timing Attack

Summary A timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. Details The password rese...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References6Affected Software2
Vulnrichment
Vulnrichment
added 2026/02/12 9:54 p.m.5 views

CVE-2026-26185 Directus Affected by User Enumeration via Password Reset Timing Attack

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between...

5.3CVSS5.7AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/12 9:54 p.m.25 views

CVE-2026-26185 Directus Affected by User Enumeration via Password Reset Timing Attack

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between...

5.3CVSS0.00349EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:54 p.m.4 views

CVE-2026-26185

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between...

5.3CVSS5.7AI score0.00349EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2026/02/12 9:54 p.m.22 views

CVE-2026-26185

Directus before v11.14.1 is affected by a timing-based user enumeration vulnerability in the password reset flow. When an invalid reset_url is supplied, responses differ by about 500ms between existing and non-existing users, enabling enumeration of valid usernames. The issue is fixed in v11.14.1...

5.3CVSS5.7AI score0.00349EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/12 9:54 p.m.7 views

CVE-2026-26185 Directus Affected by User Enumeration via Password Reset Timing Attack

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/02/12 4:34 p.m.10 views

Security update for zabbix

This update for zabbix fixes the following issues: CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get...

3.5CVSS5.5AI score0.00318EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/02/11 9:38 a.m.8 views

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 CVE-2026-1287: Fixed potential SQL injection...

8.1CVSS5.8AI score0.09436EPSS
Exploits2References24
Rows per page
Query Builder