Lucene search
K

373 matches found

Debian CVE
Debian CVE
added 2026/07/02 4:6 p.m.7 views

CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

4.3CVSS5.8AI score0.00262EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.14 views

Tridium Niagara Observable Discrepancy (CVE-2025-3939)

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 9:28 p.m.36 views

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 11:37 p.m.11 views

Kanidm has non-constant-time comparison of OAuth2 client_secret

Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...

6AI score
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 4:14 p.m.8 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 4:14 p.m.28 views

CVE-2026-20195

The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/05/06 2:14 p.m.7 views

CVE-2026-43268

creationtimestamp| type| source ---|---|--- 2026-05-06 14:14:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6v6mo5un2k 2026-07-02 06:17:58+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260702...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.10 views

Alignment Contracts for Agentic Security Systems

Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35743

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 12:0 a.m.5 views

EUVD-2025-209582

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 3:35 p.m.5 views

EUVD-2026-20904

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.1AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 3:16 p.m.10 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

7.2CVSS0.00363EPSS
Exploits0References1
Circl
Circl
added 2026/04/01 3:15 p.m.5 views

CVE-2026-0522

creationtimestamp| type| source ---|---|--- 2026-04-01 15:15:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3migyaylncf2s 2026-04-01 15:26:09+00:00| seen| Telegram/LPiyqtmOsuMBSJ4TiscGzigzJ0idlnzzivv75bN9d93RTXE...

8.8CVSS4.8AI score0.00608EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.11 views

EUVD-2025-208643

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 6:30 p.m.5 views

CVE-2025-12455 Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 6:30 p.m.6 views

CVE-2025-12455

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/12 8:43 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.9 Vulnerability Details CVEID:CVE-2025-13459 DESCRIPTION: IBM Aspera Console could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. CWE:CWE-841: Improper...

7.5CVSS5.9AI score0.00665EPSS
Exploits2Affected Software5
Circl
Circl
added 2026/02/04 11:22 p.m.3 views

GHSA-GJX9-J8F8-7J74

creationtimestamp| type| source ---|---|--- 2026-02-04 23:22:22+00:00| seen| Telegram/hShrqAyZdCIZOPoHN6b-ZakIdRSDkhHXfsBEGi173T8F08...

4.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2020-14145)

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...

5.9CVSS6.7AI score0.02057EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2019-13627)

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. This plugin only works with Tenable.ot. Please visit...

6.3CVSS6.7AI score0.0051EPSS
Exploits0References4
Rows per page
Query Builder