Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/26 8:19 p.m.39 views

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:19 p.m.8 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS6AI score0.00129EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.25 views

PT-2026-52973

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.4 Description A Time-of-Check to Time-of-Use TOCTOU flaw exists in NppCommands.cpp. The application validates the HMAC of the shortcuts.xml file on disk when a user command is triggered, but it executes the...

7.5CVSS5.8AI score0.00129EPSS
Exploits2References5
EUVD
EUVD
added 2026/04/10 8:58 p.m.7 views

EUVD-2026-21597

phpseclib has a variable-time HMAC comparison in SSH2::getbinarypacket using != instead of hashequals...

3.7CVSS5.8AI score0.00334EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 8:58 p.m.9 views

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

3.7CVSS5.9AI score0.00334EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/10 8:24 p.m.1 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS6AI score0.00334EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2008/06/10 7:1 a.m.37 views

Moderate: Red Hat Security Advisory: ucd-snmp security update

Updated ucd-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Simple Network Management Protocol SNMP is a protocol used for network management. A fla...

10CVSS6.5AI score0.6879EPSS
Exploits7References2
Rows per page
Query Builder