40 matches found
MAL-2026-2505 Malicious code in @aspect-security/argon2 (npm)
The package performs data exfiltration, arbitrary command execution in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...
Malicious code in argon2-napi (npm)
Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...
MAL-2026-2511 Malicious code in argon2-napi (npm)
Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...
CVE-2026-25222
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222
CVE-2026-25222 describes a timing-attack in PolarLearn’s sign-in flow for versions prior to 0-PRERELEASE-15. An unauthenticated attacker can infer whether an email is registered by measuring login response times: requests for existing users take ~650ms, while non-existent users are ~160ms, becaus...
CVE-2026-25222
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
PT-2026-5730
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
EUVD-2023-1055
Malicious code in bioql PyPI...
Oracle Linux 9 : php:8.3 (ELSA-2025-7418)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7418 advisory. php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2...
php:8.3 security update
php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2 password hashing in OpenSSL ext - build sockets extension statically - switch to nikic/php-parser version 5 - openssl: always warn about missing...
Evaluating Argon2 Adoption and Effectiveness in Real-World Software
Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...
PT-2024-35954 · Rpgp · Rpgp
Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...
PT-2024-23109
Name of the Vulnerable Software and Affected Versions Serverpod versions prior to 1.2.6 Description An issue was identified with the old password hash algorithm used by Serverpod, making it susceptible to rainbow attacks if the database was compromised. The vulnerability is addressed by switching...
CVE-2023-27481 Extract password hashes through export querying in directus
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directususers can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service CPU consumption because the algorithm's runtime is proportional to the square of the length of the password...
VSHG - Hardware resistance & enhanced security for GnuPG
VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG's standared s2k key-derivation-function + a simplified interface for symmetric encryption . About VSHG VSHG Very secure hash generator is a standalone Addon for GnuPG Gnu privacy guard . It is written as a shell script and ...
Hardware resistance & enhanced security for GnuPG
VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG’s standard s2k key-derivation-function + a simplified interface for symmetric encryption . VSHG Very secure hash generator is a standalone Addon for GnuPG Gnu privacy guard . It is written as a shell script and is designed...