Lucene search
K

406 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.106 views

Apache Tomcat 9.0.0.M1 < 9.0.118 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.118. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.118security-9 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. Th...

9.8CVSS6.6AI score0.01339EPSS
Exploits2References18
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.6 views

Debian dla-4551 : libmbedcrypto3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4551 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected]...

6.7CVSS5.7AI score0.0024EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/25 4:14 p.m.5 views

Observable Timing Discrepancy

Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the cryptohmac.cc module using memcmp, a non-constant-time comparison function to validate user-provided HMAC signatures, rather than the timing-safe equivalents used elsewhere in the codebase. An...

6.3CVSS5.9AI score0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/03/05 9:30 p.m.4 views

GHSA-MJQR-5C55-G77H @perfood/couch-auth has an Observable Timing Discrepancy

An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.8 views

@perfood/couch-auth has an Observable Timing Discrepancy

An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/05 9:16 p.m.7 views

CVE-2025-70949

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS0.00379EPSS
Exploits0References3
OSV
OSV
added 2026/02/10 12:30 p.m.8 views

GHSA-C4QC-4Q9P-M9Q9 Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.29 views

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/10 10:15 a.m.8 views

UBUNTU-CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7.1AI score0.00219EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 9:25 a.m.5 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 10:27 p.m.7 views

GHSA-95C6-P277-P87G FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Impact Timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...

3.7CVSS5.6AI score0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.18 views

CVE-2021-0001

Observable timing discrepancy in IntelR IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access...

4.7CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.3 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS6.6AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 4:15 a.m.5 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 3:25 a.m.2 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS6.2AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 3:25 a.m.12 views

CVE-2025-52457

CVE-2025-52457 describes an Observable Timing Discrepancy (CWE-208) in Gallagher HBUS devices that could let an attacker with physical access extract device-specific keys, potentially compromising site security. Affected: Command Centre Server, including 9.30 before vCR9.30.251028a (MR3), 9.20 be...

5.7CVSS6.2AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 3:25 a.m.13 views

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

5.7CVSS0.0013EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:2 p.m.4 views

GO-2025-4036 Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server

Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server...

3.7CVSS7AI score0.00246EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. CVE-2025-59438 Note that Nessus relies on the presence of the package as reported by the vendor...

5.3CVSS4.4AI score0.0024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/22 11:23 p.m.5 views

SUSE CVE-2025-59438

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...

5.5CVSS7AI score0.0024EPSS
Exploits0References7
Rows per page
Query Builder