Lucene search
+L

40 matches found

OSV
OSV
added 2026/04/07 12:16 p.m.3 views

MAL-2026-2505 Malicious code in @aspect-security/argon2 (npm)

The package performs data exfiltration, arbitrary command execution in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/07 12:15 p.m.7 views

Malicious code in argon2-napi (npm)

Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/07 12:15 p.m.5 views

MAL-2026-2511 Malicious code in argon2-napi (npm)

Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.7 views

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

7.5CVSS5.5AI score0.00413EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/02 11:1 p.m.30 views

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS0.00413EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/02 11:1 p.m.4 views

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS5.5AI score0.00413EPSS
Exploits1References2
CVE
CVE
added 2026/02/02 11:1 p.m.16 views

CVE-2026-25222

CVE-2026-25222 describes a timing-attack in PolarLearn’s sign-in flow for versions prior to 0-PRERELEASE-15. An unauthenticated attacker can infer whether an email is registered by measuring login response times: requests for existing users take ~650ms, while non-existent users are ~160ms, becaus...

7.5CVSS5.5AI score0.00413EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/02 11:1 p.m.5 views

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS5.5AI score0.00413EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/02 11:1 p.m.7 views

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS5.5AI score0.00413EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.14 views

PT-2026-5730

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS5.5AI score0.00413EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1055

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00604EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/05/23 12:0 a.m.15 views

Oracle Linux 9 : php:8.3 (ELSA-2025-7418)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7418 advisory. php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2...

9.8CVSS6.4AI score0.01407EPSS
Exploits3References7
Oracle linux
Oracle linux
added 2025/05/22 12:0 a.m.33 views

php:8.3 security update

php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2 password hashing in OpenSSL ext - build sockets extension statically - switch to nikic/php-parser version 5 - openssl: always warn about missing...

9.2CVSS6.7AI score0.01407EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/04/23 12:0 a.m.6 views

Evaluating Argon2 Adoption and Effectiveness in Real-World Software

Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.7 views

PT-2024-35954 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...

8.7CVSS6.9AI score0.00448EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.6 views

PT-2024-23109

Name of the Vulnerable Software and Affected Versions Serverpod versions prior to 1.2.6 Description An issue was identified with the old password hash algorithm used by Serverpod, making it susceptible to rainbow attacks if the database was compromised. The vulnerability is addressed by switching...

5.3CVSS6.8AI score0.00262EPSS
Exploits0References12
OSV
OSV
added 2023/03/07 6:20 p.m.31 views

CVE-2023-27481 Extract password hashes through export querying in directus

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directususers can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

4.3CVSS5.1AI score0.00604EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/02/19 5:15 a.m.264 views

CVE-2016-20013

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service CPU consumption because the algorithm's runtime is proportional to the square of the length of the password...

7.5CVSS7.1AI score0.02234EPSS
Exploits1References4
Kitploit
Kitploit
added 2019/03/01 12:43 p.m.194 views

VSHG - Hardware resistance & enhanced security for GnuPG

VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG's standared s2k key-derivation-function + a simplified interface for symmetric encryption . About VSHG VSHG Very secure hash generator is a standalone Addon for GnuPG Gnu privacy guard . It is written as a shell script and ...

7.5AI score
Exploits0References1
n0where
n0where
added 2018/10/23 4:46 a.m.91 views

Hardware resistance & enhanced security for GnuPG

VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG’s standard s2k key-derivation-function + a simplified interface for symmetric encryption . VSHG Very secure hash generator is a standalone Addon for GnuPG Gnu privacy guard . It is written as a shell script and is designed...

7.5AI score
Exploits0References1
Rows per page
Query Builder