CWE-208 (Information Exposure Through Timing Discrepancy) — Vulnerability Class 97

97 vulnerabilities classified as CWE-208 (Information Exposure Through Timing Discrepancy). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41244 | Mojic: Observable Timing Discrepancy in HMAC Verification — mojic | 4.7 | Medium | 2026-04-24 |
| CVE-2026-41418 | 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint — 4gaBoards | 5.3 | Medium | 2026-04-24 |
| CVE-2026-40263 | Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel — note-mark | 3.7 | Low | 2026-04-16 |
| CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint — apostrophe | 3.7 | Low | 2026-04-15 |
| CVE-2026-5086 | Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks — Crypt::SecretBuffer | 5.9 | - | 2026-04-13 |
| CVE-2026-40194 | phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() — phpseclib | 3.7 | Low | 2026-04-10 |
| CVE-2026-39321 | Parse Server has a login timing side-channel reveals user existence — parse-server | 4.8 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration — traefik | 3.7 | - | 2026-03-20 |
| CVE-2026-33129 | h3 has an observable timing discrepancy in basic auth utils — h3 | 5.9 | Medium | 2026-03-20 |
| CVE-2026-32935 | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack — phpseclib | 5.9 | - | 2026-03-20 |
| CVE-2026-32702 | Cleanuparr has Username Enumeration via Timing Attack — Cleanuparr | 3.7 (AI) | Low (AI) | 2026-03-13 |
| CVE-2026-28475 | OpenClaw < 2026.2.13 - Timing Attack via Hook Token Comparison — OpenClaw | 4.8 | Medium | 2026-03-05 |
| CVE-2026-28464 | OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication — OpenClaw | 5.9 | Medium | 2026-03-05 |
| CVE-2026-3337 | Timing Side-Channel in AES-CCM Tag Verification in AWS-LC — AWS-LC | 5.9 | Medium | 2026-03-02 |
| CVE-2026-23901 | Apache Shiro: Brute force attack possible to determine valid user names — Apache Shiro | 6.5 | - | 2026-02-10 |
| CVE-2025-68621 | Trilium Notes has a Timing Attack Vulnerability in /api/login/sync — Trilium | 7.4 | High | 2026-02-06 |
| CVE-2026-25597 | PrestaShop has a time based enumeration in FO login form — PrestaShop | 5.3 | Medium | 2026-02-06 |
| CVE-2025-13473 | Username enumeration through timing difference in mod_wsgi authentication handler — Django | 3.7 | - | 2026-02-03 |
| CVE-2026-23892 | OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication — OctoPrint | 5.9 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-22234 | Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation — Spring Security | 5.3 | Medium | 2026-01-22 |
| CVE-2026-23996 | FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection — fastapi-api-key | 3.7 | Low | 2026-01-21 |
| CVE-2026-23849 | File Browser vulnerable to Username Enumeration via Timing Attack in /api/login — filebrowser | 5.3 | Medium | 2026-01-19 |
| CVE-2026-23519 | RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz — utils | 7.5 (AI) | High (AI) | 2026-01-15 |
| CVE-2025-52457 | Gallagher HBUS Devices security vulnerability — HBUS Devices | 5.7 | Medium | 2025-11-18 |
| CVE-2025-54499 | Insecure string comparison enables timing attacks — Mattermost | 3.1 | Low | 2025-10-16 |
| CVE-2025-9031 | Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web — DivvyDrive Web | 4.3 | Medium | 2025-09-24 |
| CVE-2025-59432 | Timing Attack Vulnerability in SCRAM Authentication — scram | 5.9 (AI) | Medium (AI) | 2025-09-22 |
| CVE-2025-59350 | Timing attacks against Proxy’s basic authentication are possible — dragonfly | 5.9 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59058 | httpsig-rs's HMAC verification is vulnerable to timing attack — httpsig-rs | 5.9 | Medium | 2025-09-12 |
| CVE-2025-7383 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library — Oberon PSA Crypto | 5.9 | - | 2025-08-29 |

Vulnerabilities classified as CWE-208 (Information Exposure Through Timing Discrepancy) represent 97 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.