
87 matches found

Packet Storm News
added 2026/05/14 12:00 a.m., 11 views

PickleFuzzer: A Case Study in Fuzzing for Discrepancies between Python Pickle Implementations

Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during...

AI score: 5.9
Exploits: 0
Veracode
added 2026/04/24 9:58 a.m., 18 views

Timing Attack

Bouncy Castle is vulnerable to Timing Attack. The vulnerability is due to timing discrepancies in cryptographic operations within the FrodoEngine component, which allows an attacker to infer sensitive information through timing analysis...

CVSS: 9.9, AI score: 5.1, EPSS: 0.00691
Exploits: 0, References: 12, Affected Software: 6
Snyk
added 2026/03/27 6:31 p.m., 7 views

HTTP Request Smuggling

Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending...

CVSS: 9.1, AI score: 5.3, EPSS: 0.00704
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 10:58 a.m., 3 views

CVE-2025-61546

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables a remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...

CVSS: 9.1, AI score: 5.6, EPSS: 0.00488
Exploits: 2, References: 1
Positive Technologies
added 2026/01/08 12:00 a.m., 7 views

PT-2026-1827

Name of the Vulnerable Software and Affected Versions: edu Business Solutions Print Shop Pro WebDesk version 18.34. Description: A flaw exists in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice API endpoint that allows a remote attacker to create financial discrepancies. This is possible by purchasi...

CVSS: 9.1, AI score: 6.6, EPSS: 0.00488
Exploits: 2, References: 4
EUVD
added 2026/01/05 10:58 p.m., 4 views

EUVD-2026-1048

AIOHTTP's unicode processing of header values could cause parsing discrepancies...

CVSS: 6.3, AI score: 6.1, EPSS: 0.00213
Exploits: 0, References: 4
NVD
added 2025/10/14 1:15 a.m., 6 views

CVE-2025-42903

A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...

CVSS: 4.3, EPSS: 0.00306
Exploits: 0, References: 2
EUVD
added 2025/10/14 12:17 a.m., 4 views

EUVD-2025-34124

A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00306
Exploits: 0, References: 3
OSV
added 2025/10/09 2:15 p.m., 3 views

CVE-2025-36225

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00209
Exploits: 0, References: 1
CVE
added 2025/10/09 1:56 p.m., 31 views

CVE-2025-36225

CVE-2025-36225 concerns IBM Aspera Faspex information disclosure: Aspera Faspex versions 5.0.0–5.0.13.1 may disclose sensitive user information to an authenticated user due to an observable discrepancy in returned data. The IBM advisory (IBM Aspera Faspex security bulletin) lists this CVE among m...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00209
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-3001

Malware in sbrugna...

CVSS: 5.3, AI score: 5.4, EPSS: 0.02446
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-23822

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00291
Exploits: 0, References: 1
Vulnrichment
added 2025/07/21 8:53 p.m., 2 views

CVE-2025-54129 HAXiam allows for User Enumeration

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00268
Exploits: 1, References: 1
Wired Threat Level
added 2025/07/21 4:54 p.m., 3 views

How WIRED Analyzed the Epstein Video

On this episode of Uncanny Valley, we dive into the differences between what the US government said about a Jeffrey Epstein video it released and the story told by its metadata...

AI score: 7.3
Exploits: 0
BDU FSTEC
added 2025/07/21 12:00 a.m., 5 views

A vulnerability in the user interface of Juniper Networks Junos OS allows an attacker to gain access to the device.

The vulnerability in the user interface of Juniper Networks Junos OS is related to discrepancies in the user interface data. Exploiting it can allow a malicious actor to gain access to the device remotely...

CVSS: 9, AI score: 5.4, EPSS: 0.00604
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2025/06/11 2:20 p.m., 62 views

CVE-2025-0163

CVE-2025-0163 affects IBM Security Verify Access Appliance and Docker versions 10.0–10.0.8. The vulnerability allows remote attackers to enumerate usernames due to an observable response discrepancy for disabled accounts. IBM’s bulletin confirms a fix path: update IBM Security Verify Access to 10...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00294
Exploits: 0, References: 1, Affected Software: 2
RedhatCVE
added 2025/05/23 5:12 a.m., 16 views

CVE-2023-23449

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00785
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:31 a.m., 5 views

CVE-2023-27283

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00471
Exploits: 0, References: 1
BDU FSTEC
added 2025/04/10 12:00 a.m., 4 views

A vulnerability in the OpenSearch software package, related to information disclosure through discrepancies, allows an attacker to compromise data integrity.

The vulnerability in the OpenSearch software package is related to information disclosure due to incompatibility. Exploiting it can allow a malicious actor to compromise data integrity...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00328
Exploits: 0, References: 3, Affected Software: 2
CVE
added 2025/03/13 12:00 a.m., 48 views

CVE-2024-55198

CVE-2024-55198 affects Celk Sistemas Celk Saude v3.1.252.1. The vulnerability arises from discrepancies in error messages in the password recovery flow, enabling a remote attacker to enumerate existing users. Impact is user enumeration; no additional exploit details or exploitation status are pro...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00421
Exploits: 1, References: 2, Affected Software: 1