1487 matches found
grav-cms-filecache-object-injection
Grav CMS FileCache Object Injection Description The File...
Exploit for CVE-2026-39324
CVE-2026-39324 Rack::Session::Cookie decrypt failure falls...
ROS-20260407-73-0040
A vulnerability in the net/ipv6/seg6hmac.c component of the Linux operating system kernel is associated with information leakage based on timing discrepancies. Exploitation of the vulnerability allows an attacker to cause a denial of service...
BIT-NODE-MIN-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
BIT-NODE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
Summary: The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module (Mersenne Twister) for steganographic pixel/sample selection. Affected Code (python): random.seedseed sequence = random.samplerangemaxvalue, minlength,...
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
Summary: The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module (Mersenne Twister) for steganographic pixel/sample selection. Affected Code (python): random.seedseed sequence = random.samplerangemaxvalue, minlength,...
CVE-2026-21713
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurement...
EUVD-2026-17174
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
ALPINE-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
UBUNTU-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
CVE-2026-21713
CVE-2026-21713 (Node.js HMAC timing side-channel) involves a non-constant-time comparison in HMAC verification, exposing potential timing information proportional to the number of matching bytes. The issue is present across 20.x, 22.x, 24.x, and 25.x releases. The advisories note that Node.js alr...
CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
Node.js Security Vulnerability
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...
Updated nodejs packages fix security vulnerabilities
Incomplete fix for CVE-2026-21637: loadSNI in tlswrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via proto header name in req.headersDistinct Uncaught TypeError crashes Node.js process. CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...
CVE-2026-4662
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...
Observable Timing Discrepancy
Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the cryptohmac.cc module using memcmp, a non-constant-time comparison function to validate user-provided HMAC signatures, rather than the timing-safe equivalents used elsewhere in the codebase. An...