Search Vulnerabilities

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Apache Shiro: Brute force attack possible to determine valid user names

Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

PrestaShop has a time based enumeration in FO login form

Username enumeration through timing difference in mod_wsgi authentication handler

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

File Browser vulnerable to Username Enumeration via Timing Attack in /api/login

RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz

Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, p...

Insecure string comparison enables timing attacks

Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web

Timing Attack Vulnerability in SCRAM Authentication

Timing attacks against Proxy’s basic authentication are possible

httpsig-rs's HMAC verification is vulnerable to timing attack

Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library

Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Username enumeration vulnerability in Liferay Portal 7

Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information dis...