Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2025-43743 MEDIUM

Liferay Portal 7.4.0-7.4.3.132 & DXP Authenticated User Enumeration via Calendar Access

CVE-2025-43739 MEDIUM

Liferay Portal/DXP Email Content Modification via Calendar Portlet

CVE-2025-9109 LOW

Portabilis i-Diario <1.5.0 - Info Disclosure

CVE-2025-8774 LOW

riscv-boom SonicBOOM <2.2.3 - Info Disclosure

CVE-2025-54999 LOW

OpenBao 0.1.0-2.3.1 - User Enumeration via Userpass Auth Timing Side Channel

CVE-2025-47872 MEDIUM

Product Registration - Info Disclosure

CVE-2025-6011 LOW

HashiCorp Vault < 1.20.1 and 1.16.23 - Timing Side Channel in Userpass Auth Method

CVE-2025-24391 MEDIUM

OTRS 7.0.x 8.0.x 2023.x 2024.x 2025.x - User Enumeration via External Interface Response Discrepancy

CVE-2025-6386 HIGH

parisneo/lollms < 20.1 - Timing Attack via Password Comparison in authenticate_user

CVE-2025-6056 MEDIUM

Ergon Informatik AG's Airlock IAM <8.3.1 - Info Disclosure

CVE-2025-27451 MEDIUM

Endress meac300-fnade4 Firmware <= 0.16.0 - Username Enumeration via Different Error Messages

CVE-2025-40732 HIGH

Daily Expense Manager 1.0 - User Enumeration via /check.php Name Parameter

CVE-2025-52576 MEDIUM

Kanboard < 1.2.46 - Username Enumeration and Brute-Force Protection Bypass via HTTP Header Spoofing

CVE-2025-46570 LOW

vllm < 0.9.0 - Observable Timing Discrepancy in PageAttention Prefill

CVE-2025-46804 LOW

Screen 5.0.0 - Unauthenticated Information Disclosure via Setuid Path Leak

CVE-2025-23182 MEDIUM

UBtech Freepass - Observable Discrepancy

CVE-2025-3939 MEDIUM

Tridium Niagara Framework and Enterprise Security < 4.14.2, < 4.15.1, < 4.10.11 - Observable Response Discrepancy

CVE-2025-46720 LOW

Keystone < 6.5.0 - Unauthorized Information Exposure via Update and Delete Mutation Filters

CVE-2025-32789 LOW

EspoCRM < 9.0.7 - Exposure of Sensitive Information via User Password Hash Sorting

CVE-2025-0361 MEDIUM

Axis Communications - Info Disclosure

CVE-2025-31124 MEDIUM

zitadel < 2.63.9 - Username Enumeration via Normalization Bypass

CVE-2025-30344 MEDIUM

OpenSlides <4.2.5 - Info Disclosure

CVE-2025-1468 HIGH

CODESYS OPC UA Server - Info Disclosure

CVE-2025-29780 MEDIUM

Post-Quantum Secure Feldman's Verifiable Secret Sharing <0.8.0b2 - ...

CVE-2025-27667 CRITICAL

Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Administrative User Email Enumeration

Previous Page 3 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy