Total: 693 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56738 | 1 Gnu | 1 Grub2 | 2025-06-24 | N/A | 5.3 MEDIUM |
| GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. | |||||
| CVE-2024-21206 | 1 Oracle | 1 Enterprise Command Center Framework | 2025-06-23 | N/A | 4.3 MEDIUM |
| Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-32789 | 1 Espocrm | 1 Espocrm | 2025-06-18 | N/A | 3.1 LOW |
| EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the sorted list of users. Although unlikely, if an attacker knows the hash value of their password, they can change the password and repeat the sorting until the other user's password hash is fully revealed. This issue is patched in version 9.0.7. | |||||
| CVE-2024-2464 | 1 Cdex | 1 Cdex | 2025-06-17 | N/A | 6.3 MEDIUM |
| This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1. | |||||
| CVE-2024-25191 | 1 Zihanggao | 1 Php-jwt | 2025-06-12 | N/A | 9.8 CRITICAL |
| php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | |||||
| CVE-2024-47156 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-47153 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-47154 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-47155 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-8992 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 4.0 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-8993 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-8994 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 6.2 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-47150 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2024-47149 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 3.3 LOW |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2025-3939 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | |||||
| CVE-2023-52323 | 1 Pycryptodome | 2 Pycryptodome, Pycryptodomex | 2025-06-03 | N/A | 5.9 MEDIUM |
| PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | |||||
| CVE-2022-40482 | 1 Laravel | 1 Framework | 2025-05-30 | N/A | 5.3 MEDIUM |
| The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist. | |||||
| CVE-2022-30332 | 1 Talend | 1 Administration Center | 2025-05-30 | N/A | 5.3 MEDIUM |
| In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. | |||||
| CVE-2024-23771 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | N/A | 9.8 CRITICAL |
| darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | |||||
| CVE-2024-22647 | 1 Seopanel | 1 Seo Panel | 2025-05-29 | N/A | 5.3 MEDIUM |
| A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | |||||
