
35 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix an out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realized through netlink using four attribute...

CVSS 5.5 · AI score 6.1 · EPSS 0.00242
Exploits 0 · References 2
AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in libmojolicious-perl

The Mojolicious module prior to version 8.65 for Perl is vulnerable to secure_compare timing attacks, which allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

CVSS 7.5 · AI score 7.1 · EPSS 0.00507
Exploits 0 · References 2
EUVD
added 2026/05/14 6:42 p.m. · 4 views

EUVD-2026-30367

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

CVSS 10 · AI score 5.8 · EPSS 0.00124
Exploits 0 · References 1
OSV
added 2026/05/07 9:08 p.m. · 2 views

GHSA-Q6MH-RQWH-G786 Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

CVSS 10 · AI score 5.9 · EPSS 0.00124
Exploits 0 · References 5
NVD
added 2026/04/28 7:37 p.m. · 5 views

CVE-2026-41407

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

CVSS 6.3 · EPSS 0.00225
Exploits 0 · References 3
EUVD
added 2026/04/28 6:10 p.m. · 3 views

EUVD-2026-26114

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

CVSS 6.3 · AI score 5.2 · EPSS 0.00225
Exploits 0 · References 3
Positive Technologies
added 2026/04/28 12:00 a.m. · 2 views

PT-2026-35790

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description A timing side channel occurs in shared-secret comparison call sites that utilize early length-mismatch checks rather than fixed-length comparison helpers. This allows attackers to measure timing...

CVSS 6.3 · AI score 5.8 · EPSS 0.00225
Exploits 0 · References 7
Github Security Blog
added 2026/04/07 6:16 p.m. · 4 views

OpenClaw: Shared-secret comparison call sites leaked length information through timing

Summary Before OpenClaw 2026.4.2, several shared-secret comparison call sites still used early length-mismatch checks instead of the shared fixed-length comparison helper. Those paths could leak secret-length information through measurable timing differences. Impact The affected paths exposed a...

CVSS 6.3 · AI score 5.9 · EPSS 0.00225
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2025/12/09 6:29 p.m. · 2 views

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

CVSS 7.1 · AI score 7 · EPSS 0.00268
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-8542

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.00294
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-13939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in...

CVSS 7.5 · AI score 7.1 · EPSS 0.00294
Exploits 0 · References 3
Broadcom
added 2025/07/08 12:00 a.m. · 15 views

Linux Kernel IPv6 Segment Routing Vulnerable to Out-of-Bounds Read via Crafted Netlink Message in SRv6 Layer

IPv6 Segment Routing SRv6 is vulnerable to an out-of-bounds read when setting HMAC data due to a lack of validation in the SEG6_ATTR_SECRETLEN attribute. This could allow an attacker to read up to 64 bytes of data past the skb end pointer and into skb_shared_info, potentially leading to information...

CVSS 5.5 · AI score 6.5 · EPSS 0.00242
Exploits 0
OSV
added 2025/04/03 2:12 p.m. · 6 views

BIT-JOOMLA-2021-23127 [20210301] - Core - Insecure randomness within 2FA secret generation

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes...

CVSS 9.1 · AI score 9.2 · EPSS 0.01567
Exploits 0 · References 2
OSV
added 2025/03/28 3:15 a.m. · 6 views

CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 1
OSV
added 2025/03/28 3:15 a.m. · 2 views

DEBIAN-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 1
OSV
added 2025/03/28 3:15 a.m. · 0 views

UBUNTU-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 · AI score 5.7 · EPSS 0.00294
Exploits 0 · References 3
CNNVD
added 2025/03/28 12:00 a.m. · 2 views

MetaCPAN String::Compare::ConstantTime security vulnerability

MetaCPAN String::Compare::ConstantTime is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN String::Compare::ConstantTime version 0.321 and earlier, which stems from a timing attack that could disclose the length of a secret string...

CVSS 7.5 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 1
Snyk
added 2024/09/17 9:31 p.m. · 4 views

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy due to the use of an insufficient default OTP shared secret length. Workaround If upgrading to the fixed version is not possible, users are advised to override the default otp_secret_length attribute in the model whe...

CVSS 6 · AI score 6.9 · EPSS 0.00632
Exploits 0 · References 2
Positive Technologies
added 2024/09/17 12:00 a.m. · 3 views

PT-2024-39260 · Rubygems +3 · Devise-Two-Factor +3

Name of the Vulnerable Software and Affected Versions: Devise-Two-Factor versions 1.0.0 or = 2.2.0 through = 2.2.0 through 6.0.0, upgrade to version v6.0.0 as soon as possible. If upgrading is not possible, override the default otp secret length attribute in the model when configuring two factor...

CVSS 6 · AI score 5.6 · EPSS 0.00818
Exploits 0 · References 19
BDU FSTEC
added 2024/06/04 12:00 a.m. · 2 views

The vulnerability of the secure_compare() function in the Mojolicious module allows a hacker to obtain the length of the secret string.

The vulnerability of the secure_compare function in the Mojolicious module relates to manipulating an unknown input, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow a remote attacker to obtain the length of the secret string...

CVSS 7.8 · AI score 7.1 · EPSS 0.00507
Exploits 0 · References 5 · Affected Software 3