Weaknesses of type CWE-208
138 resultsCVE-2019-9494—The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacksEPSS 3.7%CVE-2019-16782MEDIUMPossible Information Leak / Session Hijack Vulnerability in RackEPSS 3.7%CVE-2025-53940HIGHQuiet uses insecure, inconsistent verification on local backend tokenEPSS 2.5%CVE-2020-1926—Timing attack in Cookie signature verificationEPSS 2.5%CVE-2021-43298—The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limitingEPSS 2.3%CVE-2024-29995HIGHWindows Kerberos Elevation of Privilege VulnerabilityEPSS 1.5%CVE-2016-10535—csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparEPSS 1.3%CVE-2023-5981MEDIUMGnutls: timing side-channel in the rsa-psk authenticationEPSS 1.3%CVE-2019-13420—Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.EPSS 1.2%CVE-2022-31142HIGHPotential Timing Attack Vector in @fastify/bearer-authEPSS 1.2%CVE-2026-47783HIGHIn memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon aEPSS 1.1%CVE-2024-23953MEDIUMApache Hive: Timing Attack Against Signature in LLAP utilEPSS 1.1%CVE-2026-3337HIGHTiming Side-Channel in AES-CCM Tag Verification in AWS-LCEPSS 1.1%CVE-2023-41313CRITICALApache Doris: Timing Attack weaknessEPSS 1.0%CVE-2020-15237MEDIUMTiming attack in ShrineEPSS 1.0%CVE-2024-23342HIGHpython-ecdsa vulnerable to Minerva attack on P-256EPSS 1.0%CVE-2024-39329MEDIUMAn issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() methoEPSS 0.9%CVE-2010-10006LOWmichaelliao jopenid OpenIdManager.java getAuthentication timing discrepancyEPSS 0.9%CVE-2022-20752MEDIUMCisco Unified Communications Products Timing Attack VulnerabilityEPSS 0.9%CVE-2025-59432MEDIUMTiming Attack Vulnerability in SCRAM AuthenticationEPSS 0.8%