Fixed in Apache Tomcat 9.0.118

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit db919ff9. This issue was reported to the Tomcat securit...

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-017335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017335 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for...

CVE-2026-43384

A flaw was found in the Linux kernel's TCP Authentication Option TCP-AO implementation. This vulnerability arises from a non-constant-time comparison of Message Authentication Codes MACs. A remote attacker could potentially exploit this timing discrepancy to perform a timing attack, which may lea...

CVE-2026-43383

A flaw was found in the Linux kernel's TCP MD5 signature option. This vulnerability allows a remote attacker to perform timing attacks due to a non-constant-time comparison of Message Authentication Codes MACs. By observing the time taken for MAC comparisons, an attacker could potentially infer...

Exploit for Observable Timing Discrepancy in Apache Http_Server

CTT-enhanced-Apache-modauthdigest-timing-attack-exploit CTT-...

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVE-2026-41588

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksigninkey. This issue has been patched via commit 2f68e16...

CVE-2026-41588 RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key()

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksigninkey. This issue has been patched via commit 2f68e16...

CVE-2026-41588 RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key()

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksigninkey. This issue has been patched via commit 2f68e16...

CVE-2026-41588

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksigninkey. This issue has been patched via commit 2f68e16...

CVE-2026-41588

RELATE is a web-based courseware package. CVE-2026-41588 describes a timing attack in the authentication path: in course/auth.py, function check_sign_in_key(), present prior to commit 2f68e16. The issue has been patched by that commit. CVSS 3.1 vector indicates network attack with high impact on ...

EUVD-2026-28656

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksigninkey. This issue has been patched via commit 2f68e16...

CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVE-2026-41161

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

EUVD-2026-28551

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVE-2026-41161

Summary: CVE-2026-41161 affects Sync-in Server before version 2.2.0. The /api/auth/login endpoint exposes a timing-based flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring response times. This is confirmed in the GitHub advisory and CVE descriptions, which...

CVE-2026-41161 Username Enumeration via Timing Attack

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVE-2026-41161 Username Enumeration via Timing Attack

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVE-2026-40972

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...