Lucene search
K

3256 matches found

Snyk
Snyk
added 2026/06/05 4:3 p.m.5 views

Brute Force

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Brute Force via the auth.service.ts file. An attacker can determine whether specific email addresses are registered by measuring the response time of sign-in attempts. Remediation Upgrade nocodb to version 0.301.3 or...

6.9CVSS5.3AI score0.00197EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 4:3 p.m.6 views

Information Exposure

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Information Exposure via the shared-view password check. An attacker can infer sensitive information about legacy plaintext passwords by measuring authentication response times, potentially revealing password length a...

6.9CVSS5.3AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.23 views

PT-2026-46997

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The shared-view password check used strict-equality === comparison for legacy plaintext passwords. This creates a timing oracle, allowing a network-positioned attacker to leak the password length...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References8
OSV
OSV
added 2026/06/04 7:31 p.m.9 views

GHSA-7W52-7JVM-M9VW Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames

Summary There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials string $username,...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/04 7:31 p.m.12 views

Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames

Summary There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials string $username,...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46850

Summary There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials string $username,...

3.7CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46887

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description An attacker can enumerate administrator usernames by performing a timing attack. This occurs because the getUserEntityByUserCredentials function in the...

3.7CVSS5.5AI score0.00223EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 9:16 p.m.9 views

ALPINE-CVE-2026-5419

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/01 2:24 p.m.82 views

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 10:14 a.m.13 views

CVE-2026-5091

A flaw was found in Catalyst::Plugin::Authentication. This vulnerability allows a remote attacker to conduct timing attacks by observing discrepancies in the time it takes to compare passwords or hashes. This could enable the attacker to guess the underlying hash or password, leading to...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/29 5:12 a.m.18 views

Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability

The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. CVE-2026-5091...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 5:12 a.m.14 views

MGASA-2026-0160 Updated perl-Catalyst-Plugin-Authentication package fixes a security vulnerability

The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. CVE-2026-5091...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:17 p.m.13 views

CVE-2026-45410

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

5.3CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 9:23 p.m.24 views

CVE-2026-45410

TREK (collaborative travel planner) has a time-based user enumeration vulnerability in the authentication endpoint prior to version 3.0.18. When an email exists, the backend performs a bcrypt password comparison before returning 401, adding ~370 ms; when it does not exist, it returns immediately ...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/28 1:24 p.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extrem...

9.8CVSS6.5AI score0.0036EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44554

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21.1 of GitHub Enterprise Server, there was a security...

7CVSS5.8AI score0.00386EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 2:17 p.m.12 views

JLSEC-2026-525

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.7AI score0.01614EPSS
Exploits1References27
Amazon
Amazon
added 2026/05/26 12:0 a.m.13 views

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

9.8CVSS5.8AI score0.01325EPSS
Exploits2
Amazon
Amazon
added 2026/05/26 12:0 a.m.21 views

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

9.8CVSS5.8AI score0.01325EPSS
Exploits2
Rows per page
Query Builder