Lucene search
K

713 matches found

OSV
OSV
added 2026/06/05 4:3 p.m.9 views

GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:3 p.m.14 views

NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/05 4:3 p.m.7 views

GHSA-QHXG-623C-CFJM NocoDB: Plaintext Password Comparison in Shared Views

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

6.9CVSS5.5AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46997

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The shared-view password check used strict-equality === comparison for legacy plaintext passwords. This creates a timing oracle, allowing a network-positioned attacker to leak the password length...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47084

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A flaw in the token-exchange flow allows two concurrent requests using the same OAuth authorization code to each generate a distinct valid access token and refresh token pair. This occurs because...

6.3CVSS6AI score0.00197EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: A rare race condition in genradixptralloc has been fixed. If we need to increase the tree depth, we will allocate a new node. If another thread increases the tree depth before us, we will still have a...

4.7CVSS6.2AI score0.00161EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Python 2.7, Python 3.7

A issue was discovered in the comparedigest function in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimizations were possible in the accumulator variable used in hmac.comparedigest...

5.9CVSS6.8AI score0.01148EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in binutils

A vulnerability was discovered in Binutils objdump prior to version 2.39.3. Attackers can exploit this vulnerability to cause a denial of service or other unspecified effects through the function comparesymbols...

7.8CVSS6.3AI score0.00404EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed kernel address leakage in atomic cmpxchg operations with R0 as an auxiliary register. The implementation of BPFCMPXCHG at a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG +...

5.5CVSS5.9AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race conditions in allocslabobjexts. If two competing threads enter allocslabobjexts, and one of them fails to allocate the object extension vector, it may override the valid slab-objexts allocated by the other thread...

5.3AI score0.00166EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Initialization of additional fields in sctpv6fromsk was incorrect, leading to undefined behavior. SYZbot discovered that sin6scopeid was not properly initialized, causing undefined behavior. sin6scopeid and sin6flowinfo...

5.5CVSS6.5AI score0.0016EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/20 5:45 a.m.8 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.0055EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.13 views

Fedora 44 : coturn (2026-3b3139882c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b3139882c advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.47 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities stem from the fact that ksmbd does not verify the SID length of inherited ACEs in the...

8.8CVSS6AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.42 views

CVE-2026-44197

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 4:17 p.m.13 views

PYSEC-2026-146

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 2:39 p.m.11 views

CVE-2026-44197 Wagtail: Improper permission handling when comparing revisions

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 2:39 p.m.55 views

CVE-2026-44197 Wagtail: Improper permission handling when comparing revisions

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS0.00204EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.7 views

SUSE CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 8:17 p.m.15 views

Wagtail has improper permission handling when comparing revisions

Impact A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder