Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
104 vulnerabilities with CWE-208
CVE-2026-28475
MEDIUM
OpenClaw <2026.2.13 - Info Disclosure
CVSS 4.8
CVE-2026-28464
MEDIUM
OpenClaw <2026.2.12 - Info Disclosure
CVSS 5.9
CVE-2025-70949
HIGH
@perfood/couch-auth 0.26.0 - Info Disclosure
CVSS 7.5
CVE-2026-3337
MEDIUM
AWS-LC <1.69.0 - Info Disclosure
CVSS 5.9
CVE-2025-48630
HIGH
SkiaRenderEngine - Info Disclosure
CVSS 7.4
CVE-2026-26717
MEDIUM
OpenFUN Richie - Auth Bypass
CVSS 4.8
CVE-2026-23901
LOW
Apache Shiro <2.0.7 - Info Disclosure
CVSS 2.5
CVE-2025-68621
HIGH
Trilium Notes <0.101.0 - Auth Bypass
CVSS 7.4
CVE-2026-25597
MEDIUM
PrestaShop <8.2.4, <9.0.3 - Info Disclosure
CVSS 5.3
CVE-2025-13473
MEDIUM
Django <6.0.2-4.2.28 - Info Disclosure
CVSS 5.3
CVE-2026-23892
MEDIUM
OctoPrint <1.11.5 - Info Disclosure
CVSS 5.9
CVE-2025-22234
MEDIUM
Timing Attack Mitigation - Info Disclosure
CVSS 5.3
CVE-2026-23996
LOW
FastAPI Api Key <1.1.0 - Info Disclosure
CVSS 3.7
CVE-2026-23849
MEDIUM
File Browser <2.55.0 - Info Disclosure
CVSS 5.3
CVE-2026-23519
CRITICAL
RustCrypto CMOV <0.4.4 - Info Disclosure
CVSS 9.8
CVE-2025-52457
MEDIUM
Command Centre Server <9.30.251028a - Info Disclosure
CVSS 5.7
CVE-2025-59438
MEDIUM
Mbed TLS <3.6.4 - Info Disclosure
CVSS 5.3
CVE-2025-54764
MEDIUM
Mbed TLS <3.6.5 - Info Disclosure
CVSS 6.2
CVE-2025-54499
LOW
Mattermost <10.5.10, <10.11.2 - Info Disclosure
CVSS 3.1
CVE-2025-9031
MEDIUM
DivvyDrive Web <4.8.2.15 - XSS
CVSS 4.3
CVE-2025-59432
SCRAM <3.2 - Timing Attack
CVE-2025-59350
MEDIUM
Dragonfly <2.1.0 - Info Disclosure
CVSS 5.3
CVE-2025-59058
MEDIUM
httpsig-rs <0.0.19 - Timing Attack
CVSS 5.9
CVE-2025-7383
Oberon PSA Crypto <1.5.1 - Info Disclosure
CVE-2025-7071
Oberon microsystem AG's ocrypto <3.9.2 - Info Disclosure
Details
Vulnerabilities
104