
23 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-1085

Malware in sbrugna...

CVSS 6.1 | AI score 5.3 | EPSS 0.00255
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0151

Malware in sbrugna...

CVSS 5.3 | AI score 6.2 | EPSS 0.00064
Exploits: 1 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-8501

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00116
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-9011

Malware in sbrugna...

CVSS 3.3 | AI score 6.2 | EPSS 0.00086
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-34105

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.8 | EPSS 0.00565
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-44867

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.0019
Exploits: 1 | References: 2

OSV
added 2025/07/07 10:15 a.m. | 3 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 | AI score 7.3 | EPSS 0.0026
Exploits: 0 | References: 2

Cvelist
added 2025/07/07 9:55 a.m. | 7 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 | EPSS 0.0026
Exploits: 0 | References: 2

Vulnrichment
added 2025/07/04 10:12 p.m. | 3 views

CVE-2025-48952 NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

CVSS 9.4 | AI score 7.5 | EPSS 0.00543
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:8 p.m. | 5 views

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

CVSS 9.8 | AI score 6.9 | EPSS 0.00441
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 9:42 p.m. | 4 views

CVE-2022-24787

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

CVSS 7.5 | AI score 6.7 | EPSS 0.00237
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 3:51 a.m. | 8 views

CVE-2024-27295

Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...

CVSS 8.2 | AI score 8.4 | EPSS 0.00604
Exploits: 1 | References: 1

Positive Technologies
added 2025/01/01 12:0 a.m. | 1 views

PT-2025-37962

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6 Description: The Linux kernel contains a flaw in the efivarfs module related to an out-of-bounds write in the efivarfs_d_compare function. This issue occurs when dentry->d_name.len is less than EFI VARIABLE GUI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00022
Exploits: 0

CVE
added 2024/12/27 12:0 a.m. | 75 views

CVE-2024-56522

TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...

CVSS 7.5 | AI score 6.9 | EPSS 0.00155
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2024/12/27 12:0 a.m. | 14 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

EPSS 0.00155
Exploits: 0 | References: 4

Tenable Nessus
added 2024/11/01 12:0 a.m. | 14 views

NumPy < 1.22.0 Vulnerability - CVE-2021-34141

The version of NumPy installed on the remote host is prior to 1.22.0. It is, therefore, affected by an incomplete string comparison vulnerability in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE...

CVSS 5.3 | AI score 6.7 | EPSS 0.00064
Exploits: 1 | References: 3

OSV
added 2024/02/14 8:21 a.m. | 6 views

SUSE-SU-2024:0464-1 Security update for python3

This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
- CVE-2022-48566: Use CRYPTO_memcmp for compare_digest (bsc#1214691)...

CVSS 5.9 | AI score 5.9 | EPSS 0.00161
Exploits: 2 | References: 5

Vulnrichment
added 2023/02/09 12:0 a.m. | 7 views

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...

AI score 7.1 | EPSS 0.01543
Exploits: 1 | References: 2

OSV
added 2022/02/11 11:3 a.m. | 3 views

OESA-2022-1522 numpy security update

A fast multidimensional array facility for Python. Security Fixes: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort...

CVSS 5.3 | AI score 7.1 | EPSS 0.00107
Exploits: 2 | References: 3

Positive Technologies
added 2021/12/17 12:0 a.m. | 1 views

PT-2021-23314 · Cvxopt +2

Name of the Vulnerable Software and Affected Versions: cvxopt version 1.2.6 and earlier Description: The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve...

CVSS 8.7 | AI score 6.5 | EPSS 0.00274
Exploits: 1 | References: 22