Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-208

CWE-208

Observable Timing Discrepancy

Parent: CWE-203 - Observable Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

119 vulnerabilities with CWE-208

CVE-2026-41263 MEDIUM

Traefik: BasicAuth middleware: timing side-channel vulnerability

CVE-2026-41407 LOW

OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret Comparison

CVE-2026-40972 HIGH

Spring Boot < 4.0.6 - Remote Code Execution

CVE-2026-41244 MEDIUM

Mojic: Observable Timing Discrepancy in HMAC Verification

CVE-2026-41418 MEDIUM

4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint

CVE-2026-22746 LOW

User Attribute Enumeration when Using DaoAuthenticationProvider

CVE-2026-40263 LOW

Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel

CVE-2026-33877 LOW

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

CVE-2026-5086 HIGH

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

CVE-2026-40194 LOW

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

CVE-2026-39321 LOW

Parse Server has a login timing side-channel reveals user existence

CVE-2026-32595 LOW

Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

CVE-2026-33129 MEDIUM

h3 has an observable timing discrepancy in basic auth utils

CVE-2026-32935 HIGH

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

CVE-2026-32702 MEDIUM

Cleanuparr has Username Enumeration via Timing Attack

CVE-2026-28475 MEDIUM

OpenClaw <2026.2.13 - Info Disclosure

CVE-2026-28464 MEDIUM

OpenClaw <2026.2.12 - Info Disclosure

CVE-2026-3337 MEDIUM

AWS-LC <1.69.0 - Info Disclosure

CVE-2026-26717 MEDIUM

OpenFUN Richie - Auth Bypass

CVE-2026-23901 LOW

Apache Shiro <2.0.7 - Info Disclosure

CVE-2026-25597 MEDIUM

PrestaShop <8.2.4, <9.0.3 - Info Disclosure

CVE-2026-23892 MEDIUM

OctoPrint <1.11.5 - Info Disclosure

CVE-2026-23996 LOW

FastAPI Api Key <1.1.0 - Info Disclosure

CVE-2026-23849 MEDIUM

File Browser <2.55.0 - Info Disclosure

CVE-2026-23519 CRITICAL

RustCrypto CMOV <0.4.4 - Info Disclosure

Page 1 of 5 Next

Details

Vulnerabilities 119

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy