Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
๐Ÿ”ฅ Daily Hot!
๐Ÿ’ช๐Ÿฝ CPE Enhanced Advisories
๐Ÿ•ถ Shadow Exploits
๐Ÿ•ต๐Ÿผ Vulners CPE
๐Ÿ” Security news
๐Ÿ’ป Exploit updates
๐Ÿ“‘ Blogs review
๐Ÿง Linux vulnerabilities
๐Ÿž Bugbounty
๐Ÿค– AI High Score
๐Ÿ“ฐ CVE Feed
show all

3 matches found

Cvelist
Cvelistโ€ขadded 2026/03/20 9:41 a.m.โ€ข19 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS0.00055EPSS
Exploits1References3
CNNVD
CNNVDโ€ขadded 2026/03/20 12:0 a.m.โ€ข3 views

H3 ๅฎ‰ๅ…จๆผๆดž

H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...

5.9CVSS5.8AI score0.00055EPSS
Exploits1References4
Snyk
Snykโ€ขadded 2026/03/18 4:17 p.m.โ€ข3 views

Timing Attack

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducing password...

8.2CVSS5.8AI score0.00055EPSS
Exploits1References2
Rows per page
Query Builder