Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25191 | 1 Zihanggao | 1 Php-jwt | 2025-06-12 | N/A | 9.8 CRITICAL |
| php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | |||||
| CVE-2023-5388 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-06-09 | N/A | 6.5 MEDIUM |
| NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2024-47156 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-47153 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-47154 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-47155 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-8992 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 4.0 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-8993 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-8994 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-47150 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | |||||
| CVE-2024-47149 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2025-3939 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | |||||
| CVE-2024-23218 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-04 | N/A | 5.9 MEDIUM |
| A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. | |||||
| CVE-2023-52323 | 1 Pycryptodome | 2 Pycryptodome, Pycryptodomex | 2025-06-03 | N/A | 5.9 MEDIUM |
| PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | |||||
| CVE-2022-40482 | 1 Laravel | 1 Framework | 2025-05-30 | N/A | 5.3 MEDIUM |
| The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist. | |||||
| CVE-2022-30332 | 1 Talend | 1 Administration Center | 2025-05-30 | N/A | 5.3 MEDIUM |
| In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. | |||||
| CVE-2024-23771 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | N/A | 9.8 CRITICAL |
| darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | |||||
| CVE-2024-22647 | 1 Seopanel | 1 Seo Panel | 2025-05-29 | N/A | 5.3 MEDIUM |
| An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | |||||
| CVE-2024-47057 | 2025-05-29 | N/A | 5.3 MEDIUM | ||
| SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack. MitigationPlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence. | |||||
| CVE-2024-24766 | 1 Icewhale | 1 Casaos-userservice | 2025-05-28 | N/A | 6.2 MEDIUM |
| CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error `**User does not exist**`. If the password is incorrect application gives the error `**Invalid password**`. Version 0.4.7 fixes this issue. | |||||