CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

Astra Linux - уязвимость в nss

During ECDSA signature generation, padding is applied in the nonce to ensure that constant-time scalar multiplication is removed. However, this results in variable-time execution that depends on secret data. This vulnerability affects Firefox versions less than 80, as well as Firefox for Android...

Astra Linux - уязвимость в nss

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, allowing for a timing-based side channel attack. This vulnerability affects Firefox versions less than 80, as well as Firefox for Android versions less than 80...

perl-Crypt-SaltedHash 安全漏洞

perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Perl eq comparison function; timing differences could be exploited t...

PT-2026-42265

Name of the Vulnerable Software and Affected Versions Crypt::SaltedHash versions prior to 0.110.0 Description Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

xiangshan-bpu-asid-poc

XiangShan Cross-ASID BPU Leak PoC Minimal proof of concept fo...

SUSE CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

kv-cache-side-channel-poc

KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...

SUSE SLES16 Security Update : ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (SUSE-SU-2026:21608-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21608-1 advisory. Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated...

CVE-2026-44368

PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...

OESA-2026-2319 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

OESA-2026-2318 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

OESA-2026-2316 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

EUVD-2026-30315

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

GHSA-PHP6-83FG-GW3G FlowiseAI Exposes Basic Auth Credentials via API

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 Insufficiently Protected Credentials | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Medium | | Developer Approv...

FlowiseAI Exposes Basic Auth Credentials via API

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 Insufficiently Protected Credentials | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Medium | | Developer Approv...

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...