CWE-203— Observable Discrepancy (Information Exposure via Side Channel)
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.— MITRE CWE catalog
742 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-203page 15 of 15
- CVE-2025-59702HIGHCVSS 7.2EG 7.22025-12-02
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.
- CVE-2025-59716MEDIUMCVSS 5.3EG 5.32025-11-05
ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently whe…
- CVE-2025-6011LOWCVSS 3.7EG 3.72025-08-01
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth me…
- CVE-2025-6056MEDIUMCVSS 6.9EG 6.92025-07-04
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
- CVE-2025-63094HIGHCVSS 7.5EG 7.52025-12-10
XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.
- CVE-2025-6386HIGHCVSS 7.5EG 7.52025-07-07
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess password…
- CVE-2025-64749MEDIUMCVSS 4.3EG 4.32025-11-13
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API…
- CVE-2025-65185LOWCVSS 2.8EG 2.82025-12-17
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.
- CVE-2025-67806LOWCVSS 3.7EG 3.72026-04-01
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer …
- CVE-2025-68164LOWCVSS 2.7EG 2.72025-12-16
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
- CVE-2025-8774MEDIUMCVSS 4.7EG 2.52025-08-09
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timin…
- CVE-2025-9031MEDIUMCVSS 4.3EG 4.32025-09-24
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
- CVE-2025-9109LOWCVSS 3.7EG 3.72025-08-18
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observa…
- CVE-2026-11284MEDIUMCVSS 6.5EG 6.52026-06-04
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11289MEDIUMCVSS 6.5EG 6.52026-06-04
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-13922MEDIUMCVSS 6.5EG 6.52026-06-30
Side-channel information leakage in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14071MEDIUMCVSS 6.5EG 6.52026-06-30
Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14074MEDIUMCVSS 6.5EG 6.52026-06-30
Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14085MEDIUMCVSS 6.5EG 6.52026-06-30
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14112MEDIUMCVSS 5.3EG 5.32026-07-01
Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a craft…
- CVE-2026-21484MEDIUMCVSS 5.3EG 5.32026-01-03
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error me…
- CVE-2026-23519CRITICALCVSS 9.8EG 9.82026-01-15
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) c…
- CVE-2026-23620MEDIUMCVSS 4.3EG 4.32026-02-19
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated …
- CVE-2026-23849MEDIUMCVSS 5.3EG 5.32026-01-19
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthe…
- CVE-2026-25509MEDIUMCVSS 5.3EG 5.32026-02-03
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enum…
- CVE-2026-25562MEDIUMCVSS 4.3EG 4.32026-02-07
WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potent…
- CVE-2026-26185MEDIUMCVSS 5.3EG 5.32026-02-12
Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the…
- CVE-2026-26895MEDIUMCVSS 5.3EG 5.32026-04-02
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.
- CVE-2026-4045LOWCVSS 3.7EG 3.72026-03-12
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be ex…
- CVE-2026-41588CRITICALCVSS 9.0EG 9.02026-05-08
RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
- CVE-2026-44263MEDIUMCVSS 4.3EG 4.32026-05-07
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.1…
- CVE-2026-44332MEDIUMCVSS 5.3EG 5.32026-07-02
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for n…
- CVE-2026-45294MEDIUMCVSS 5.3EG 5.32026-05-29
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing us…
- CVE-2026-45410MEDIUMCVSS 5.3EG 5.32026-05-28
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, th…
- CVE-2026-47379MEDIUMCVSS 6.9EG 6.92026-06-05
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character pre…
- CVE-2026-51926HIGHCVSS 7.5EG 0.02026-07-09
An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the log…
- CVE-2026-56296MEDIUMCVSS 5.3EG 5.32026-07-11
Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid ap…
- CVE-2026-56316MEDIUMCVSS 5.3EG 5.32026-06-21
Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Atta…
- CVE-2026-56319MEDIUMCVSS 4.3EG 4.32026-06-20
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can…
- CVE-2026-56327MEDIUMCVSS 5.3EG 5.32026-07-01
Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers…
- CVE-2026-58503MEDIUMCVSS 6.9EG 6.92026-07-10
Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0.
- CVE-2026-8242LOWCVSS 3.7EG 3.72026-05-10
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The…
Map vulnerabilities like CWE-203 to your infrastructure
EchelonGraph correlates every CVE — across CWE-203 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →