PickleFuzzer: A Case Study in Fuzzing for Discrepancies between Python Pickle Implementations
Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during...
Timing Attack
Bouncy Castle is vulnerable to a Timing Attack. The vulnerability is due to timing discrepancies in cryptographic operations within the FrodoEngine component, which allow an attacker to infer sensitive information through timing analysis...
HTTP Request Smuggling
Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending...
CVE-2025-61546
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34, fixed in 19.69, that enables a remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible d...
PT-2026-1827
Name of the Vulnerable Software and Affected Versions: edu Business Solutions Print Shop Pro WebDesk version 18.34. Description: A flaw exists in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice API endpoint that allows a remote attacker to create financial discrepancies. This is possible by purchasi...
EUVD-2026-1048
AIOHTTP's unicode processing of header values could cause parsing discrepancies...
CVE-2025-42903
A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...
EUVD-2025-34124
A vulnerability in SAP Financial Service Claims Management RFC function ICLUSERGETNAMEANDADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability...
CVE-2025-36225
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...
CVE-2025-36225
CVE-2025-36225 concerns IBM Aspera Faspex information disclosure: Aspera Faspex versions 5.0.0–5.0.13.1 may disclose sensitive user information to an authenticated user due to an observable discrepancy in returned data. The IBM advisory (IBM Aspera Faspex security bulletin) lists this CVE among m...
EUVD-2018-3001
Malware in sbrugna...
EUVD-2025-23822
Malicious code in bioql PyPI...
CVE-2025-54129 HAXiam allows for User Enumeration
HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...
How WIRED Analyzed the Epstein Video
On this episode of Uncanny Valley, we dive into the differences between what the US government said about a Jeffrey Epstein video it released and the story told by its metadata...
CVE-2025-0163
CVE-2025-0163 affects IBM Security Verify Access Appliance and Docker versions 10.0–10.0.8. The vulnerability allows remote attackers to enumerate usernames due to an observable response discrepancy for disabled accounts. IBM’s bulletin confirms a fix path: update IBM Security Verify Access to 10...
CVE-2023-23449
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface...
CVE-2023-27283
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545...
CVE-2024-55198
CVE-2024-55198 affects Celk Sistemas Celk Saude v3.1.252.1. The vulnerability arises from discrepancies in error messages in the password recovery flow, enabling a remote attacker to enumerate existing users. Impact is user enumeration; no additional exploit details or exploitation status are pro...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool. This repository contain...
Username Enumeration Attack
ethycafides is vulnerable to a Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...