Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-208

CWE-208

Observable Timing Discrepancy

Parent: CWE-203 - Observable Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

137 vulnerabilities with CWE-208

CVE-2026-40194 LOW

phpseclib SSH2::get_binary_packet() - Variable-Time HMAC Comparison

CVE-2026-39321 LOW

Parse Server Login Endpoint - User Enumeration Timing Side-Channel

CVE-2026-21713 MEDIUM

Node.js 20.x-20.20.1 22.x-22.22.1 24.x-24.14.0 25.x-25.8.1 - Observable Timing Discrepancy in HMAC Verification

CVE-2026-32595 LOW

Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

CVE-2026-33129 MEDIUM

h3 requireBasicAuth - Timing Side Channel

CVE-2026-32935 MEDIUM

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

CVE-2026-32702 MEDIUM

Cleanuparr has Username Enumeration via Timing Attack

CVE-2026-28475 MEDIUM

OpenClaw <2026.2.13 - Info Disclosure

CVE-2026-28464 MEDIUM

OpenClaw <2026.2.12 - Info Disclosure

CVE-2026-3337 MEDIUM

AWS-LC < 1.69.0 and 3.0.0-3.1.9 - Observable Timing Discrepancy in AES-CCM Decryption via EVP CIPHER API

CVE-2026-26717 MEDIUM

Richie < 3.3.0 - Observable Timing Discrepancy in HMAC Signature Verification

CVE-2026-23901 LOW

Apache Shiro <2.0.7 - Info Disclosure

CVE-2026-25597 MEDIUM

PrestaShop <8.2.4, <9.0.3 - Info Disclosure

CVE-2026-23892 MEDIUM

OctoPrint <1.11.5 - Info Disclosure

CVE-2026-23996 LOW

FastAPI Api Key <1.1.0 - Info Disclosure

CVE-2026-23849 MEDIUM

File Browser <2.55.0 - Info Disclosure

CVE-2026-23519 CRITICAL

RustCrypto CMOV <0.4.4 - Info Disclosure

CVE-2025-70949 HIGH

@perfood/couch-auth 0.26.0 - Info Disclosure

CVE-2025-48630 HIGH

Android - Observable Timing Discrepancy in SkiaRenderEngine

CVE-2025-68621 HIGH

Trilium Notes <0.101.0 - Auth Bypass

CVE-2025-13473 MEDIUM

Django <6.0.2-4.2.28 - Info Disclosure

CVE-2025-22234 MEDIUM

Timing Attack Mitigation - Info Disclosure

CVE-2025-52457 MEDIUM

Command Centre Server <9.30.251028a - Info Disclosure

CVE-2025-59438 MEDIUM

Mbed TLS < 3.6.5 - Observable Timing Discrepancy

CVE-2025-54764 MEDIUM

Mbed TLS < 3.6.5 - Observable Timing Discrepancy in RSA Operations

Previous Page 2 of 6 Next

Details

Vulnerabilities 137

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy