CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2 days ago•3 views

CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00263EPSS

CVE•added 2 days ago•5 views

CVE-2026-48859

The CVE affects Erlang/OTP’s SSH server (ssh_auth and ssh_options) in OTP prior to 29.0.2 (SSH 6.0.x before 6.0.1). When the daemon uses user_passwords or password options, ssh_auth:check_password/3 performs PBKDF2-SHA256 with 600,000 iterations (~300 ms) for valid usernames, but returns in ~0 ms...

6.3CVSS5.5AI score0.00263EPSS

SUSE Linux•added 4 days ago•3 views

Security update for memcached

This update for memcached fixes the following issues CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881. Patch Instructions: To install this SUSE update...

OSV•added 4 days ago•3 views

Exploits0References8

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

SUSE Linux•added 4 days ago•4 views

Security update for memcached

OSV•added 4 days ago•3 views

Exploits0References8

SUSE-SU-2026:2292-1 Security update for memcached

RedhatCVE•added last week•6 views

CVE-2026-33877

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS5.4AI score0.00029EPSS

Exploits1References1

RedhatCVE•added last week•6 views

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

9.5CVSS5.4AI score0.00079EPSS

Exploits0References1

OPENSUSE Linux•added 2026/06/03 12:0 a.m.•7 views

Security update for memcached (important)

openSUSE security update: security update for memcached ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20884-1 Rating: important References: bsc1265873 bsc1265881 Cross-References: CVE-2026-47783 CVE-2026-47784 CVSS scores: CVE-2026-47783 SUSE : 8....

8.1CVSS5.8AI score0.00085EPSS

Exploits0References2

OSV•added 2026/06/02 1:57 p.m.•1 views

SUSE-SU-2026:22022-1 Security update for memcached

8.1CVSS5.4AI score0.00085EPSS

OSV•added 2026/06/02 1:56 p.m.•3 views

OPENSUSE-SU-2026:20884-1 Security update for memcached

8.1CVSS5.8AI score0.00085EPSS

NVD•added 2026/06/01 9:16 p.m.•10 views

CVE-2026-5419

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS0.00052EPSS

Vulnrichment•added 2026/06/01 7:26 p.m.•6 views

CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

ATTACKERKB•added 2026/06/01 7:26 p.m.•8 views

CVE-2026-5419

Cvelist•added 2026/06/01 7:26 p.m.•23 views

CVE-2026-5419 Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

3.7CVSS0.00052EPSS

CVE•added 2026/06/01 7:26 p.m.•13 views

CVE-2026-5419

The CVE-2026-5419 issue affects the GnuTLS library: PKCS#7 padding removal during decryption may leak padding information via timing differences due to non-constant-time checks. This is an information-disclosure risk. Reports and patches across multiple distros exist: SUSE-2026-2115; Ubuntu USN-8...

EUVD•added 2026/06/01 7:26 p.m.•9 views

EUVD-2026-33755

CNNVD•added 2026/06/01 12:0 a.m.•7 views

Exploits0References3

GnuTLS security vulnerabilities

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the fact that the PKCS7 padding check does not occur at a constant time during decryptio...