169 matches found
CVE-2026-28360 NocoDB: Plaintext Storage of Shared View Passwords
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3...
CVE-2026-28360 NocoDB: Plaintext Storage of Shared View Passwords
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3...
CVE-2026-28360
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3...
EUVD-2025-206342
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2024-39742
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...
EUVD-2022-55832
In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
EUVD-2021-0151
Malware in sbrugna...
EUVD-2020-3020
Malware in sbrugna...
EUVD-2021-0049
Malware in sbrugna...
EUVD-2021-1085
Malware in sbrugna...
EUVD-2021-18741
Malware in sbrugna...
EUVD-2021-27057
Malware in sbrugna...
EUVD-2023-38438
Malicious code in bioql PyPI...
EUVD-2024-38221
Malicious code in bioql PyPI...
EUVD-2024-3440
Malicious code in bioql PyPI...
EUVD-2025-8542
Malicious code in bioql PyPI...
EUVD-2021-34105
Malicious code in bioql PyPI...
curl: Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison
Summary: A timing attack vulnerability exists in curl's Digest Authentication implementation due to the use of non-constant-time string comparison strcmp when comparing authentication algorithms in digest.c line 360. This allows attackers to determine the supported authentication algorithm throug...
GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...