CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3235 matches found

EUVD•added 2026/03/30 9:31 p.m.•4 views

EUVD-2026-17174

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS6.5AI score0.00385EPSS

Exploits0References2

NVD•added 2026/03/30 8:16 p.m.•3 views

CVE-2026-21713

5.9CVSS0.00385EPSS

Exploits0References1

OSV•added 2026/03/30 8:16 p.m.•2 views

ALPINE-CVE-2026-21713

5.9CVSS6.5AI score0.00385EPSS

Exploits0References1

OSV•added 2026/03/30 8:16 p.m.•5 views

UBUNTU-CVE-2026-21713

5.9CVSS5.8AI score0.00385EPSS

Exploits0References3

Vulnrichment•added 2026/03/30 7:7 p.m.•1 views

CVE-2026-21713

5.9CVSS6.5AI score0.00385EPSS

Exploits0References1

AlpineLinux•added 2026/03/30 7:7 p.m.•2 views

CVE-2026-21713

5.9CVSS6.5AI score0.00385EPSS

Exploits0

Debian CVE•added 2026/03/30 7:7 p.m.•3 views

CVE-2026-21713

5.9CVSS6.5AI score0.00385EPSS

Exploits0

Debian•added 2026/03/29 6:54 p.m.•7 views

[SECURITY] [DSA 6185-1] phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.9AI score0.00376EPSS

Exploits1

Tenable Nessus•added 2026/03/29 12:0 a.m.•3 views

Debian dsa-6187 : php-phpseclib3 - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6187 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected]...

8.2CVSS6AI score0.00376EPSS

Exploits1References7

SUSE CVE•added 2026/03/28 12:28 a.m.•4 views

SUSE CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.9AI score0.00294EPSS

Exploits1References5

Tenable Nessus•added 2026/03/28 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-27856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured...

7.4CVSS5.5AI score0.00294EPSS

Exploits1References3

EUVD•added 2026/03/27 9:31 a.m.•3 views

EUVD-2026-16565

7.4CVSS5.9AI score0.00294EPSS

Exploits1References2

NVD•added 2026/03/27 9:16 a.m.•2 views

CVE-2026-27856

7.4CVSS0.00294EPSS

Exploits1References1

OSV•added 2026/03/27 9:16 a.m.•2 views

ALPINE-CVE-2026-27856

5.9CVSS5.9AI score0.00294EPSS

Exploits1References1

Cvelist•added 2026/03/27 8:10 a.m.•26 views

CVE-2026-27856

7.4CVSS0.00294EPSS

Exploits1References1

ATTACKERKB•added 2026/03/27 8:10 a.m.•8 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References2

Vulnrichment•added 2026/03/27 8:10 a.m.•1 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1

CVE•added 2026/03/27 8:10 a.m.•22 views

CVE-2026-27856

CVE-2026-27856 concerns the doveadm credential verification path, where direct comparison enables a timing oracle to determine configured credentials. The issue affects the doveadm HTTP service component used by Open-Xchange-related deployments, enabling an attacker to infer credentials through t...

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1Affected Software2

AlpineLinux•added 2026/03/27 8:10 a.m.•3 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1