CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-0067

Malicious code in bioql PyPI...

3.7CVSS6.3AI score0.00158EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•7 views

EUVD-2022-3248

Malicious code in bioql PyPI...

4.4CVSS4.9AI score0.00361EPSS

Exploits0References8

RedhatCVE•added 2025/05/23 10:42 a.m.•9 views

CVE-2024-47869

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...

3.7CVSS6.5AI score0.00158EPSS

Exploits0

RedhatCVE•added 2025/05/22 10:45 p.m.•5 views

CVE-2022-29185

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

4.4CVSS6.8AI score0.00361EPSS

Exploits0References1

OSV•added 2025/02/12 9:31 p.m.•8 views

MGASA-2025-0059 Updated php-tcpdf packages fix security vulnerabilities

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...

9.8CVSS7.3AI score0.00469EPSS

Exploits1References3

NVD•added 2024/10/10 11:15 p.m.•13 views

CVE-2024-47869

3.7CVSS0.00158EPSS

Exploits0References1

OSV•added 2024/10/10 11:15 p.m.•7 views

PYSEC-2024-199

3.7CVSS3.9AI score0.00158EPSS

Exploits0References1

Cvelist•added 2024/10/10 10:16 p.m.•21 views

CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio

2.3CVSS0.00158EPSS

Exploits0References1

CVE•added 2024/10/10 10:16 p.m.•65 views

CVE-2024-47869

Summary (CVE-2024-47869): Gradio (Python) contains a timing-attack vulnerability in the analytics_dashboard hash comparison that is not performed in constant time. An attacker could infer the correct hash byte-by-byte by measuring response times, potentially gaining unauthorized access to the ana...

3.7CVSS3.9AI score0.00158EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/10/10 10:16 p.m.•10 views

CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio

2.3CVSS6.5AI score0.00158EPSS

Exploits0References1

OSV•added 2024/10/10 10:16 p.m.•11 views

CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio

2.3CVSS6.4AI score0.00158EPSS

Exploits0References3

Github Security Blog•added 2024/10/10 10:3 p.m.•13 views

Gradio performs a non-constant-time comparison when comparing hashes

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of differen...

3.7CVSS6.6AI score0.00158EPSS

Exploits0References4Affected Software1

OSV•added 2024/10/10 10:3 p.m.•8 views

GHSA-J757-PF57-F8R4 Gradio performs a non-constant-time comparison when comparing hashes

6.3CVSS3.8AI score0.00158EPSS

Exploits0References4

Positive Technologies•added 2024/09/25 12:0 a.m.•3 views

PT-2024-19601 · Unknown · Openslides

Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15 Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...

7.5CVSS6.3AI score0.00333EPSS

Exploits0References7

RedhatCVE•added 2024/08/15 5:18 p.m.•12 views

CVE-2024-42368

A vulnerability was found in OpenTelemetry, specifically in the github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension. This flaw impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform...

6.5CVSS6.2AI score0.00041EPSS

Exploits0References6

Cvelist•added 2024/08/13 7:31 p.m.•11 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5CVSS0.00041EPSS

Exploits0References3

Vulnrichment•added 2024/08/13 7:31 p.m.•10 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

6.5CVSS6.9AI score0.00041EPSS

Exploits0References3

Positive Technologies•added 2023/10/31 12:0 a.m.•3 views

PT-2023-10311 · Jhipster · Generator-Jhipster

Name of the Vulnerable Software and Affected Versions: JHipster generator-jhipster versions prior to 2.23.0 Description: The issue allows for a timing attack against the validateToken function due to a string comparison that stops at the first different character. This enables attackers to guess...

7.5CVSS7.4AI score0.00214EPSS

Exploits0References7

NVD•added 2023/05/30 4:15 a.m.•10 views

CVE-2023-32691

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

5.9CVSS5.6AI score0.00326EPSS

Exploits1References2

Prion•added 2023/05/30 4:15 a.m.•17 views

Design/Logic Flaw

2.6CVSS5.6AI score0.00326EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by