Lucene search
K

479 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-3997 Malicious code in @antv/g6-wx (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.10 views

Fifty Shades of Darknet

The Invisible Internet Project I2P is a peer-to-peer anonymous overlay network whose architecture includes a structurally distinct sublayer not characterized in existing security literature. We term this sublayer the Exclusive Network: nodes here host operational services and draw on I2P's routin...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/19 12:0 a.m.15 views

MAL-2026-3995 Malicious code in @antv/g6-react-node (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.14 views

MAL-2026-4035 Malicious code in @antv/l7-composite-layers (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
HackRead
HackRead
added 2026/05/18 1:42 p.m.26 views

Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign

Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/14 3:23 p.m.11 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel via the authentication process. An attacker can recover user credentials by exploiting timing differences during MD5-hashed password comparison. This is only exploitable if the database contains MD5-hashed password...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.16 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 1:0 p.m.9 views

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.18 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0
CVE
CVE
added 2026/05/14 1:0 p.m.41 views

CVE-2026-6478

CVE-2026-6478 enables a covert timing channel during MD5 password comparison in PostgreSQL authentication, allowing credential recovery sufficient to authenticate. The issue does not affect scram-sha-256 passwords. It can affect databases with MD5-hashed passwords originating from upgrades from P...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References33Affected Software1
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.30 views

Vulnerability in core server (CVE-2026-6478)

PostgreSQL discloses MD5-hashed passwords via covert timing channel Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.12 views

On the (Non-)Resilience of Encrypted Controllers to Covert Attacks

The security of networked control systems NCS is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...

5.8AI score
Exploits0
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.34 views

Covert timing channel at org.bouncycastle:bcprov-jdk18on dependency in Bamboo Data Center

This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.28 views

Covert timing channel vulnerability at Bouncy Castle dependency at Crucible Server

This High severity Covert timing channel vulnerability was introduced in version 4.9.0 of Crucible Server. Atlassian recommends that Crucible Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crucible Da...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.6 views

Reflecthernet: Exfiltrating 100BASE-TX Ethernet Traffic Using a Retroreflector Hardware Trojan

Electromagnetic eavesdropping is a well-established attack vector for remotely monitoring a target activity, most notably displays, over considerable ranges. Other targets have been considered resistant to such attacks or do not exhibit sufficient electromagnetic leakage for practical exploitatio...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.10 views

Joint Secrecy and Covert Communication (JSACC): An Enhanced Physical Layer Security Approach

In this paper, we propose an enhanced physical layer security approach, named joint secrecy and covert communication JSACC, which aims to improve the performance of physical layer security PLS. The JSACC system can dynamically switch between secrecy mode and covert mode according to the channel...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/23 4:42 p.m.12 views

Harvester APT Expands Spying Operations with New GoGra Linux Malware

New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.4 views

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

5.1CVSS5.8AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/04/18 12:16 a.m.6 views

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

5.1CVSS0.00155EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.8 views

Sentry kernel 安全漏洞

Sentry kernel is an open-source implementation of a microkernel for high-security embedded systems by camelot-os. Versions of the Sentry kernel prior to 0.4.7 contained security vulnerabilities. These vulnerabilities stemmed from tasks with DEV or IO capabilities being able to interact with anoth...

5.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder