Lucene search
+L

13 matches found

cve
cve
added 2026/01/22 9:2 p.m.447 views

CVE-2025-22234

CVE-2025-22234 is associated with Spring Security’s timing-attack mitigation in DaoAuthenticationProvider. The described issue states that the fix applied in CVE-2025-22228 accidentally broke the mitigation, enabling an attacker to infer usernames or authentication behavior via response-time diff...

5.3CVSS5.5AI score0.00402EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2015-7725

Malware in sbrugna...

7.5CVSS7.6AI score0.02443EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-20213

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00371EPSS
Exploits0References4
osv
osv
added 2025/05/28 6:2 p.m.8 views

GHSA-4QJH-9FV9-R85R Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...

2.6CVSS6.9AI score0.00247EPSS
Exploits0References6
huntr
huntr
added 2025/03/23 5:21 p.m.9 views

Timing attacks to guess password in lollms_authentication.py

Description The authenticateuser function in /server/endpoints/lollmsauthentication.py is vulnerable to timing attacks that can be exploited to: Enumerate valid usernames. Guess passwords incrementally by analyzing response time differences. Explanation of the vulnerability def...

7.5CVSS6.9AI score0.00371EPSS
Exploits0
github
github
added 2024/03/15 4:44 p.m.38 views

vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

5.3CVSS7.2AI score0.00394EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2022/08/05 12:0 a.m.4 views

PT-2022-24009 · Unknown · Go-Ethereum

Name of the Vulnerable Software and Affected Versions: Go Ethereum aka geth versions 1.10.21 and earlier Description: The issue allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain...

5.9CVSS5.4AI score0.01005EPSS
Exploits1References10
prion
prion
added 2016/05/13 2:59 p.m.19 views

Open redirect

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS1 padding...

5CVSS7AI score0.02443EPSS
Exploits0References4Affected Software3
cnvd
cnvd
added 2016/03/04 12:0 a.m.6 views

Django Security Bypass Vulnerability (CNVD-2016-01467)

Django is a set of Django Software Foundation based on the Python language open source Web application framework. The framework includes object-oriented mapper , view system , template system and so on. A security vulnerability exists in Django versions prior to 1.9.3 and versions 1.6 through 1.8...

3.1CVSS8.7AI score0.03317EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2016/02/20 1:59 a.m.27 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.2AI score0.02648EPSS
Exploits0References2
cve
cve
added 2016/02/20 1:0 a.m.93 views

CVE-2016-2041

CVE-2016-2041 affects phpMyAdmin 4.0.x (before 4.0.10.13), 4.4.x (before 4.4.15.3), and 4.5.x (before 4.5.4). The issue is that libraries/common.inc.php does not use a constant‑time comparison for CSRF tokens, enabling timing analysis to bypass access restrictions as described in the initial desc...

7.5CVSS7.3AI score0.02648EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2016/02/20 1:0 a.m.21 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.4AI score0.02648EPSS
Exploits0References7
debiancve
debiancve
added 2016/02/20 1:0 a.m.35 views

CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

7.5CVSS7.3AI score0.02648EPSS
Exploits0
Rows per page
Query Builder