Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 10:57 a.m.6 views

CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2022-41076

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00291EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-53364

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00992EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-32096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial ...

7.5CVSS7.6AI score0.00992EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-38493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Servi...

7.5CVSS7.3AI score0.00291EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/23 12:42 a.m.8 views

CVE-2022-32096

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted JWE token...

7.5CVSS7.5AI score0.00992EPSS
Exploits0References1
OSV
OSVadded 2024/02/11 3:15 a.m.14 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS6.7AI score
Exploits0References1
NVD
NVDadded 2024/02/11 3:15 a.m.11 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS6.4AI score0.00814EPSS
Exploits0References1
OSV
OSVadded 2024/02/11 3:15 a.m.3 views

DEBIAN-CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS5.3AI score0.00814EPSS
Exploits0References1
OSV
OSVadded 2024/02/11 3:15 a.m.1 views

UBUNTU-CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS5.8AI score0.00814EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2024/02/11 3:15 a.m.9 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS5.9AI score0.00814EPSS
Exploits0References1
Prion
Prionadded 2024/02/11 3:15 a.m.15 views

Code injection

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

7AI score0.00814EPSS
Exploits0References1
CVE
CVEadded 2024/02/11 12:0 a.m.81 views

CVE-2024-25714

CVE-2024-25714 affects Rhonabwy up to 1.1.13. The HMAC signature verification uses a strcmp-based comparison that can leak timing information via a side-channel, as it stops at the first difference. The documented fix replaces this with a constant-time function (gnutls_memcmp). No exploitation de...

9.8CVSS6.5AI score0.00814EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVEadded 2024/02/11 12:0 a.m.13 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS9.4AI score0.00814EPSS
Exploits0
CNNVD
CNNVDadded 2024/02/11 12:0 a.m.7 views

Rhonabwy security breach

Rhonabwy is a Javascript Object Signing and Encryption JOSE library by Nicolas Mora, a Canadian personal developer. A security vulnerability exists in Rhonabwy 1.1.13 and earlier versions, which stems from the use of the strcmp function for HMAC signature verification...

9.8CVSS6.8AI score0.00814EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/02/11 12:0 a.m.14 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

6.7AI score0.00814EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/02/11 12:0 a.m.14 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

6.7AI score0.00814EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/02/10 12:0 a.m.5 views

PT-2024-21109 · Rhonabwy +1 · Rhonabwy +1

Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 1.1.13 and earlier Description: The issue is related to HMAC signature verification, which uses a strcmp function. This function is vulnerable to side-channel attacks because it stops the comparison when the first difference...

9.8CVSS6.8AI score0.00814EPSS
Exploits0References15
NVD
NVDadded 2022/08/20 8:15 p.m.12 views

CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...

7.5CVSS0.00291EPSS
Exploits0References1
OSV
OSVadded 2022/08/20 8:15 p.m.8 views

CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...

7.5CVSS6.6AI score
Exploits0References1
Rows per page
Query Builder