Fallos del tipo CWE-208
140 resultadosCVE-2026-44061MEDIUMDES-ECB auth with timing side channelEPSS 0.4%CVE-2026-28464HIGHOpenClaw < 2026.2.12 - Timing Attack in Hooks Token AuthenticationEPSS 0.4%CVE-2026-21713MEDIUMA flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timingEPSS 0.4%CVE-2026-32595MEDIUMTraefik: BasicAuth Middleware Timing Attack Allows Username EnumerationEPSS 0.4%CVE-2024-56738MEDIUMGNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.EPSS 0.4%CVE-2025-70949HIGHAn observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel.EPSS 0.4%CVE-2026-26717MEDIUMAn issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signaturEPSS 0.4%CVE-2026-32935HIGHphpseclib's AES-CBC unpadding susceptible to padding oracle timing attackEPSS 0.4%CVE-2026-5419LOWGnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removalEPSS 0.4%CVE-2026-41263MEDIUMTraefik: BasicAuth middleware: timing side-channel vulnerabilityEPSS 0.4%CVE-2026-33877LOWApostropheCMS: User Enumeration via Timing Side Channel in Password Reset EndpointEPSS 0.4%CVE-2026-41588CRITICALRELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key()EPSS 0.4%CVE-2025-0693MEDIUMIssue with AWS Sign-in IAM User Login Flow - Possible Username EnumerationEPSS 0.4%CVE-2020-4071LOWTiming attack on django-basic-auth-ip-whitelistEPSS 0.4%CVE-2026-48859MEDIUMSSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumerationEPSS 0.4%CVE-2026-43514LOWApache Tomcat: AJP secret compared in non-constant timeEPSS 0.4%CVE-2023-32694MEDIUMNon-constant time HMAC comparison in Adyen plugin in SaleorEPSS 0.3%CVE-2026-40194LOWphpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()EPSS 0.3%CVE-2026-41161MEDIUMUsername Enumeration via Timing AttackEPSS 0.3%CVE-2021-26313—AMD Speculative Code Store BypassEPSS 0.3%