6 matches found

CNNVD
added 2026/05/21 12:0 a.m., 4 views

Catalyst-Plugin-Authentication security vulnerability

Catalyst-Plugin-Authentication is an open-source authentication plugin framework developed by Catalyst. Versions of Catalyst-Plugin-Authentication prior to 0.10024 contain security vulnerabilities; these vulnerabilities stem from the use of the Perl built-in eq comparison function, which may lead...

CVSS 5.1, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 1
OSV
added 2026/03/02 7:52 p.m., 3 views

GHSA-MPP2-X7WV-38HV NocoDB has Plaintext Storage of Shared View Passwords

Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. Details The password column in ncviews stored unhashed passwords. Verification used !== comparison across public-datas.service.ts, public-metas.service.ts, and...

CVSS 6.9, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 4
CVE
added 2025/08/19 12:0 a.m., 126 views

CVE-2025-54336

CVE-2025-54336 (Plesk Obsidian 18.0.70) is a vulnerability where _isAdminPasswordValid uses a weak == comparison in admin/plib/LoginManager.php, enabling authentication bypass if the correct password has the form "0e" followed by digits. This can let an attacker log in with strings evaluating to ...

CVSS 9.8, AI score 7.2, EPSS 0.00099
Exploits: 0, References: 3
Veracode
added 2024/10/01 3:37 a.m., 5 views

Timing Attack

basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...

CVSS 8.7, AI score 6.2, EPSS 0.00295
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2024/09/30 3:9 p.m., 57 views

CVE-2024-47178

The CVE-2024-47178 issue affects basic-auth-connect (

CVSS 8.7, AI score 5.1, EPSS 0.00295
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2024/09/30 3:9 p.m., 11 views

CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

CVSS 8.7, AI score 7.7, EPSS 0.00295
Exploits: 1, References: 4