UBUNTU-CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

CVE-2026-29044

EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines transactionactive=false and only calls withdrawauthorizationcallback. This path ultimately calls Charger::deauthorize, but no...

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

Traefik < 2.11.41 / 3.x < 3.6.11 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.41 or 3.x prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities: - mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across...

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

Linux Distros Unpatched Vulnerability : CVE-2026-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

GO-2026-4792 Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik...

GO-2026-4769 Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju

Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2026-32595

A flaw was found in Traefik. An unauthenticated attacker can exploit a timing attack vulnerability in the BasicAuth middleware. By observing the time it takes for the middleware to respond, an attacker can determine if a submitted username is valid or not. This information disclosure allows for...

SUSE CVE-2026-32595

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

EUVD-2026-13935

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

CVE-2026-32935

A flaw was found in phpseclib, a PHP secure communications library. When using Advanced Encryption Standard AES in Cipher Block Chaining CBC mode, a remote attacker can exploit a padding oracle timing attack. This vulnerability may allow the attacker to decrypt sensitive information by observing...

EUVD-2026-13664

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration...

GHSA-G3HG-J4JV-CWFR Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...