CVE-2026-41407

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

PT-2026-35790

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description A timing side channel occurs in shared-secret comparison call sites that utilize early length-mismatch checks rather than fixed-length comparison helpers. This allows attackers to measure timing...

EUVD-2023-1611

Malicious code in bioql PyPI...

CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

The vulnerability of the Prosody Jabber/XMPP server lies in the simultaneous execution using a shared resource with incorrect synchronization, allowing an attacker to gain access to confidential data.

The vulnerability of the Prosody Jabber/XMPP server is related to the use of an algorithm with non-persistent execution time for comparing secret strings. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...