CVE-2025-68621
Trilium Notes has a timing-attack vulnerability in the sync authentication endpoint (/api/login/sync) affecting versions before 0.101.0. Unauthenticated remote attackers can recover HMAC hashes byte-by-byte via statistical timing analysis, enabling complete authentication bypass and full read/wri...