CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added yesterday•3 views

Security Bulletin: IBM Technical Support Appliance is affected by a timing channel vulnerability in Bouncy Castle BC-JAVA

Summary IBM Technical Support Appliance TSA includes a vulnerable version of the Bouncy Castle BC-JAVA library bcprov-jdk18on-1.78.1.jar. A flaw in the FrodoEngine component may expose information through a covert timing channel, potentially affecting the confidentiality of cryptographic operatio...

9.9CVSS5.5AI score0.00022EPSS

Exploits0Affected Software1

IBM Security Bulletins•added yesterday•2 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)

Summary IBM Rational Developer for i is affected by an uncontrolled resource consumption vulnerability in Bcpg CVE-2026-3505, a broken or risky cryptographic vulnerability in Bcprov CVE-2025-14813, an LDAP injection vulnerability in Bcprov CVE-2026-0636, a covert timing channel vulnerability in...

9.9CVSS5.8AI score0.00063EPSS

Exploits5Affected Software1

OSV•added yesterday•3 views

JLSEC-2026-605

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.5AI score0.0008EPSS

Amazon•added yesterday•2 views

Medium: memcached

Issue Overview: In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, password data for SASL password database...

8.1CVSS5.4AI score0.00085EPSS

RedhatCVE•added 2026/05/28 11:5 a.m.•6 views

CVE-2026-6478

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.7AI score0.0008EPSS

Exploits0References4

IBM Security Bulletins•added 2026/05/27 2:2 p.m.•17 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2025-14813, CVE-2026-5598 reported for bcprov-jdk18on-1.81.jar. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JA...

9.9CVSS7.1AI score0.00022EPSS

Exploits0Affected Software1

OSV•added 2026/05/21 6:52 p.m.•3 views

CLSA-2026-1779389543 Fix of 6 CVEs

SECURITY UPDATE: integer wraparound on 32-bit systems in palloc callers - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc callers - CVE-2026-6473 SECURITY UPDATE: format-string memory disclosure in timeofday via crafted timezones -...

8.8CVSS6AI score0.0008EPSS

Microsoft CVE•added 2026/05/21 8:1 a.m.•6 views

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

...

8.1CVSS5.8AI score0.00085EPSS

Mageia•added 2026/05/19 2:46 a.m.•13 views

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...

8.8CVSS6.1AI score0.0008EPSS

Exploits0References2

RedHat Linux•added 2026/05/18 12:24 p.m.•12 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00022EPSS

Exploits0References5

RedHat Linux•added 2026/05/18 12:12 p.m.•10 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

9.9CVSS5.8AI score0.00022EPSS

Exploits0References5

OSV•added 2026/05/18 5:53 a.m.•2 views

BIT-POSTGRESQL-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Microsoft CVE•added 2026/05/16 8:3 a.m.•11 views

Exploits0References2

PostgreSQL discloses MD5-hashed passwords via covert timing channel

...

Snyk•added 2026/05/14 3:23 p.m.•6 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel via the authentication process. An attacker can recover user credentials by exploiting timing differences during MD5-hashed password comparison. This is only exploitable if the database contains MD5-hashed password...

8.2CVSS5.8AI score0.0008EPSS

Exploits0References2

NVD•added 2026/05/14 2:16 p.m.•6 views

CVE-2026-6478

6.5CVSS0.0008EPSS

OSV•added 2026/05/14 2:16 p.m.•5 views

ALPINE-CVE-2026-6478

UbuntuCve•added 2026/05/14 2:16 p.m.•3 views

CVE-2026-6478

OSV•added 2026/05/14 2:16 p.m.•2 views

Exploits0References4

UBUNTU-CVE-2026-6478

CVE•added 2026/05/14 1:0 p.m.•18 views

Exploits0References5

CVE-2026-6478

CVE-2026-6478 describes a covert timing channel in PostgreSQL authentication that leverages the comparison of MD5-hashed passwords to recover credentials sufficient to authenticate. The issue affects MD5-hashed password usage (not affecting scram-sha-256 by default) and is pertinent to environmen...