42 matches found

Packet Storm News
added 2026/04/24 12:0 a.m. | 1 views

Libgcrypt 1.12.2

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

5.3 AI score
Exploits 0

NVD
added 2026/03/27 9:17 p.m. | 3 views

CVE-2026-33882

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retriev...

6.5 CVSS | 0.00106 EPSS
Exploits 0 | References 1

OSV
added 2026/03/25 11:16 a.m. | 3 views

UBUNTU-CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time. To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, crypto_memneq...

7.4 CVSS | 5.7 AI score | 0.00052 EPSS
Exploits 0 | References 9

Vulnrichment
added 2026/02/27 8:43 a.m. | 2 views

CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...

6.5 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 6

CVE
added 2026/02/27 8:43 a.m. | 7 views

CVE-2026-1627

The CVE concerns the SSH service on a device using outdated/weak MAC algorithms, which can undermine the integrity of an SSH session. The underlying issue is the use of weak MACs during authenticated network traffic, potentially enabling attacker-controlled manipulation of transmitted data if t...

8.1 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 6 | Affected Software 1

CNNVD
added 2025/10/22 12:0 a.m. | 2 views

OpenBao log information disclosure vulnerability

OpenBao is an open source sensitive data management software. A log information disclosure vulnerability exists in OpenBao versions 2.2.0 through 2.4.1, which stems from audit logs that do not properly redact the original HTTP body, which could lead to the disclosure of ACME authentication...

7.5 CVSS | 6 AI score | 0.00047 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-26943

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.0017 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-35120

Malicious code in bioql PyPI...

5.9 CVSS | 6 AI score | 0.00625 EPSS
Exploits 1 | References 1

CNNVD
added 2025/09/15 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of SIMD availability checking, which could lead to register corruption or miscalculated MACs...

7.8 CVSS | 6.2 AI score | 0.00026 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/09/15 12:0 a.m. | 2 views

PT-2025-37483

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's crypto/arm/poly1305 module where register corruption can occur in non-SIMD contexts. This issue arises from the removal of a SIMD usability check,...

6 AI score | 0.00026 EPSS
Exploits 0 | References 5

Positive Technologies
added 2025/09/15 12:0 a.m. | 2 views

PT-2025-37485

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's poly1305 function within the arm64/poly1305 module. The issue involves register corruption in contexts where Single Instruction Multiple Data (SIMD) i...

6.3 AI score | 0.00026 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/05/22 10:47 p.m. | 5 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9 CVSS | 6.6 AI score | 0.00625 EPSS
Exploits 1 | References 1

OSV
added 2025/02/17 5:10 p.m. | 3 views

CLSA-2025-1739812201 Fix CVE(s): CVE-2024-3596

SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 debian/control: add package Recommends to krb5-doc...

9 CVSS | 7.3 AI score | 0.22162 EPSS
Exploits 2 | References 1

The Hacker News
added 2025/02/14 10:27 a.m. | 14 views

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services an...

7.2 AI score
Exploits 0

OSV
added 2023/04/05 7:15 p.m. | 0 views

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows...

4.6 CVSS | 5.8 AI score
Exploits 0 | References 1

NVD
added 2022/10/10 9:15 p.m. | 10 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9 CVSS | 0.00625 EPSS
Exploits 1 | References 1

OSV
added 2022/10/10 9:15 p.m. | 0 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9 CVSS | 5.8 AI score
Exploits 0 | References 1

ATTACKERKB
added 2022/10/10 9:15 p.m. | 1 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9 CVSS | 5.9 AI score | 0.00625 EPSS
Exploits 1 | References 2

CVE
added 2022/10/10 12:0 a.m. | 46 views

CVE-2022-2891

The CVE-2022-2891 entry documents a time-based side-channel attack in the WP 2FA WordPress plugin prior to version 2.3.0. The vulnerability arises from comparison operators that do not mitigate timing differences, potentially leaking information about authentication codes during comparison. Affec...

5.9 CVSS | 5.6 AI score | 0.00625 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/10/10 12:0 a.m. | 11 views

CVE-2022-2891 WP 2FA < 2.3.0 - Time-Based Side-Channel Attack

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9 AI score | 0.00625 EPSS
Exploits 1 | References 1