
52 matches found

Snyk
added 2026/04/22 12:25 p.m., 1 view

Information Exposure

Overview: org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Information Exposure in the DaoAuthenticationProvider component. An attacker can determine the status of user...

CVSS 6.3, AI score 5.5, EPSS 0.00067
Exploits 0, References 2
Snyk
added 2026/03/19 10:45 p.m., 1 view

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the sp256getentry2569 function when compiled for RISC-V RV32I with GCC using the -O3 optimization flag. An attacker can recover secret keys by performing timing analysis on the side-channel leakage introduced by...

CVSS 4.7, AI score 5.8, EPSS 0.00006
Exploits 0, References 2
EUVD
added 2026/03/19 9:30 p.m., 3 views

EUVD-2026-13172

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVSS 2.1, AI score 5.8, EPSS 0.00006
Exploits 0, References 2
ATTACKERKB
added 2026/03/19 7:46 p.m., 2 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVSS 2.1, AI score 5.8, EPSS 0.00006
Exploits 0, References 2
CNNVD
added 2026/03/05 12:00 a.m., 3 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant. Versions of OpenClaw prior to 2026.2.13 had security vulnerabilities. These vulnerabilities stemmed from the use of non-constant-time string comparisons in hook token verification, which could allow attackers to infer tokens through...

CVSS 6.3, AI score 5.8, EPSS 0.00103
Exploits 0, References 3
Positive Technologies
added 2026/03/02 12:00 a.m., 2 views

PT-2026-22703

Name of the Vulnerable Software and Affected Versions: AWS-LC versions prior to 1.69.0. Description: An observable timing discrepancy in AES-CCM decryption within AWS-LC could allow an unauthenticated user to potentially determine authentication tag validity through timing analysis. The impacted...

CVSS 8.2, AI score 5.9, EPSS 0.00041
Exploits 0, References 18
Packet Storm News
added 2026/01/27 12:00 a.m., 2 views

Burp Suite 2025.12.4 Extension Advanced ReDoS Detector

This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/01/09 9:56 a.m., 5 views

CVE-2020-12788

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks...

CVSS 7.5, AI score 6.9, EPSS 0.00316
Exploits 0, References 1
OSV
added 2025/12/12 12:00 p.m., 4 views

RUSTSEC-2025-0144 Timing side-channel in ML-DSA decomposition

Summary: A timing side-channel was discovered in the Decompose algorithm, which is used during ML-DSA signing to generate hints for the signature. Details: The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

CVSS 6.4, AI score 6.1, EPSS 0.00016
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-45045

Malicious code in bioql PyPI...

CVSS 3.7, AI score 5, EPSS 0.00232
Exploits 0, References 2
Cvelist
added 2025/06/16 12:00 a.m., 33 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of t...

EPSS 0.00224
Exploits 0, References 2
Packet Storm News
added 2025/05/29 12:00 a.m., 2 views

An Advanced Cyber-Physical System Security Testbed for Substation Automation

A Cyber-Physical System (CPS) testbed serves as a powerful platform for testing and validating cyber intrusion detection and mitigation strategies in substations. This study presents the design and development of a CPS testbed that can effectively assess the real-time dynamics of a substation. Cybe...

AI score 6.9
Exploits 0
RedhatCVE
added 2025/05/23 1:14 a.m., 4 views

CVE-2022-41914

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

CVSS 3.7, AI score 6.7, EPSS 0.00232
Exploits 0, References 1
CVE
added 2025/05/06 5:08 p.m., 61 views

CVE-2025-46736

CVE-2025-46736 affects the Umbraco CMS (a .NET-based open source content management system). The issue allows user enumeration by analyzing the timing of post-login API responses, enabling an attacker to determine if an account exists. Affected versions are prior to 10.8.10 and 13.8.1. The vulner...

CVSS 5.3, AI score 5.2, EPSS 0.00306
Exploits 0, References 3, Affected Software 1
Snyk
added 2025/05/06 4:38 p.m., 1 view

Observable Response Discrepancy

Overview: Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation: Upgrade Umbraco.Cms.Web.BackOffice to versi...

CVSS 6.9, AI score 6.8, EPSS 0.00306
Exploits 0, References 2
OSV
added 2025/05/06 4:38 p.m., 4 views

GHSA-4G8M-5MJ5-C8XG Umbraco Makes User Enumeration Feasible Based on Timing of Login Response

Impact: Based on an analysis of the timing of post-login API responses, it's possible to determine whether an account exists. Patches: Patched in 10.8.10 and 13.8.1. Workarounds: None available...

CVSS 5.3, AI score 6.7, EPSS 0.00306
Exploits 0, References 5
CNNVD
added 2025/05/06 12:00 a.m., 2 views

Umbraco Security Vulnerability

Umbraco is an open-source content management system (CMS) written in C# by Umbraco, Denmark. A security vulnerability exists in Umbraco versions prior to 10.8.10 and prior to 13.8.1; it stems from the fact that analysis of login API response times can reveal whether an account exists...

CVSS 5.3, AI score 6.4, EPSS 0.00306
Exploits 0, References 4
Tenable Nessus
added 2025/03/04 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-10844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. Remote attackers could use this flaw to conduct...

CVSS 5.9, AI score 6.3, EPSS 0.0025
Exploits 0, References 3
FreeBSD
added 2025/01/29 12:00 a.m., 13 views

FreeBSD -- OpenSSH Keystroke Obfuscation Bypass

Problem Description: A logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective. Impact: A passive observer could detect which network packets contain real keystrokes, and infer the specific characters being transmitted from packet timing...

CVSS 7.5, AI score 6.8, EPSS 0.02949
Exploits 0
OSV
added 2025/01/21 9:21 p.m., 15 views

GHSA-HMG4-WWM5-P999 Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Impact: Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches: Patched in 14.3.2 and 15.1.2. Workarounds: None available...

CVSS 5.3, AI score 5.1, EPSS 0.35161
Exploits 1, References 5