PT-2025-19982 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 10.8.10; Umbraco versions prior to 13.8.1. Description: The issue allows an attacker to determine whether an account exists based on an analysis of the timing of post login API responses. No known workarounds are...
CVE-2025-27936
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
Timing Attack
github.com/mattermost/mattermost-server is vulnerable to a Timing attack. The vulnerability is due to improper implementation of constant time comparison when comparing the MSTeams plugin webhook secret, which allows an attacker to exploit timing differences in the comparison process to extract the...
SUSE CVE-2025-27936
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
Timing Attack
Overview: org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Timing Attack due to an unintentional bypass for DaoAuthenticationProvider constant time controls, which was caused by the fix...
PT-2025-17727
Name of the Vulnerable Software and Affected Versions: Spring Security, affected versions not specified. Description: The issue introduces a username enumeration vector. It affects the BCryptPasswordEncoder's maximum password length, which breaks timing attack mitigation. Recommendations: At the momen...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack due to the improper handling of webhook secret comparisons. An attacker can retrieve the webhook secret by exploiting the timing discrepancy during the comparison process. Remediation: Upgrade...
GHSA-2J87-P623-8CC2 Mattermost vulnerable to Observable Timing Discrepancy
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
Mattermost vulnerable to Observable Timing Discrepancy
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
CVE-2025-27936 Webhook Secret Exposure via Timing attack in MSteams plugin
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
CVE-2025-27936
CVE-2025-27936 (Mattermost/MS Teams plugin timing attack): The connected advisory GO-2025-3618 reports a vulnerability in the Mattermost ecosystem where the MSTeams plugin (github.com/mattermost/mattermost-plugin-msteams) and related Mattermost Server versions are susceptible to an observable ti...
PT-2025-16571 · Mattermost · Mattermost Server +1
Name of the Vulnerable Software and Affected Versions: Mattermost Plugin MSTeams versions prior to 2.1.0; Mattermost Server versions 10.5.x through 10.5.1. Description: The issue allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret...
Timing Attack
Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...
GHSA-256Q-HX8W-XCQX Silverstripe Framework user enumeration via timing attack on login and password reset forms
Impact: User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+. References: -...
Silverstripe Framework user enumeration via timing attack on login and password reset forms
Impact: User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+. References: -...
Observable Discrepancy
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Observable Discrepancy. An attacker can enumerate users by performing a timing attack on the login or password reset pages with user credentials...
SS-2025-001 - User enumeration via timing attack
More info at https://www.silverstripe.org/download/security-releases/ss-2025-001...