Total
712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46739 | 1 Linuxfoundation | 1 Cubefs | 2025-06-17 | 6.5 Medium |
| CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading. | ||||
| CVE-2024-2464 | 1 Cdex | 1 Cdex | 2025-06-17 | 6.3 Medium |
| This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1. | ||||
| CVE-2024-25191 | 1 Zihanggao | 1 Php-jwt | 2025-06-12 | 9.8 Critical |
| php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | ||||
| CVE-2024-47156 | 1 Honor | 1 Magicos | 2025-06-05 | 3.3 Low |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47153 | 1 Honor | 1 Magicos | 2025-06-05 | 6.2 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47154 | 1 Honor | 1 Magicos | 2025-06-05 | 5.5 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47155 | 1 Honor | 1 Magicos | 2025-06-05 | 5.5 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8992 | 1 Honor | 1 Magicos | 2025-06-05 | 4 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8993 | 1 Honor | 1 Magicos | 2025-06-05 | 6.2 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8994 | 1 Honor | 1 Magicos | 2025-06-05 | 6.2 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47150 | 1 Honor | 1 Magicos | 2025-06-05 | 3.3 Low |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47149 | 1 Honor | 1 Magicos | 2025-06-05 | 3.3 Low |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2025-3939 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | 5.3 Medium |
| Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2023-52323 | 2 Pycryptodome, Redhat | 7 Pycryptodome, Pycryptodomex, Ansible Automation Platform and 4 more | 2025-06-03 | 5.9 Medium |
| PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | ||||
| CVE-2022-40482 | 1 Laravel | 1 Framework | 2025-05-30 | 5.3 Medium |
| The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist. | ||||
| CVE-2024-23771 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | 9.8 Critical |
| darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | ||||
| CVE-2024-22647 | 1 Seopanel | 1 Seo Panel | 2025-05-29 | 5.3 Medium |
| An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | ||||
| CVE-2024-24766 | 1 Icewhale | 1 Casaos-userservice | 2025-05-28 | 6.2 Medium |
| CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error `**User does not exist**`. If the password is incorrect application gives the error `**Invalid password**`. Version 0.4.7 fixes this issue. | ||||
| CVE-2025-23182 | 2025-05-23 | 4.3 Medium | ||
| CWE-203: Observable Discrepancy | ||||
| CVE-2022-32218 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | ||||