Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2025-24023 LOW

Flask-AppBuilder < 4.5.3 - Unauthenticated Username Enumeration via Timing Attack

CVE-2025-24506 MEDIUM

Broadcom Symantec Privileged Access Management 3.4.6-4.1.7 and 4.2.0 - User ID Disclosure via Authentication Strategy

CVE-2025-21510 HIGH

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Unauthenticated Unauthorized Data Access via Web Runtime SEC

CVE-2025-24011 MEDIUM

Umbraco CMS 14.0.0-14.3.1 - Unauthenticated User Enumeration via Management API Response Analysis

CVE-2025-21336 MEDIUM

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Cryptographic Information Disclosure

CVE-2024-55374 MEDIUM

REDCap 14.3.13 - Username Enumeration via Login Discrepancy

CVE-2024-47057 MEDIUM

Mautic - Unauthenticated Username Enumeration via Timing Attack in Password Reset

CVE-2024-11084 MEDIUM

Helix ALM <2025.1 - Info Disclosure

CVE-2024-51477 MEDIUM

IBM InfoSphere Information Server 11.7 - Authenticated Sensitive Username Disclosure via Observable Response Discrepancy

CVE-2024-13939 HIGH

String::Compare::ConstantTime < 0.321 - Observable Timing Discrepancy

CVE-2024-41760 LOW

IBM Common Cryptographic Architecture 7.0.0-7.5.51 - Timing Attack During RSA Operations

CVE-2024-41335 HIGH

Draytek Vigor Routers - Information Disclosure via Timing Attack on strcmp/memcmp

CVE-2024-45089 MEDIUM

IBM Sterling B2B Integrator <6.2.0.3 - Info Disclosure

CVE-2024-7881 MEDIUM

ARM C1-Premium Firmware - Unprivileged Data Memory-Dependent Prefetch Engine Information Disclosure

CVE-2024-35114 MEDIUM

IBM Control Center 6.2.1 and 6.3.1 - Username Enumeration via Observable Login Discrepancy

CVE-2024-10929 MEDIUM

Arm Cortex-A57, Cortex-A72 < r1p0, Cortex-A73, Cortex-A75 - Observable Discrepancy via Branch History Control

CVE-2024-43095 HIGH

Google Android - Privilege Escalation

CVE-2024-36510 MEDIUM

FortiClientEMS/FortiSOAR <7.5.0 - Info Disclosure

CVE-2024-42174 LOW

HCL MyXalytics - Username Enumeration via Observable Response Discrepancy

CVE-2024-13198 LOW

Langhsu Mblog Blog System 3.5.0 - Info Disclosure

CVE-2024-54767 HIGH

AVM FRITZ!Box 7530 AX v7.59 - Info Disclosure

CVE-2024-13028 LOW

Antabot White-Jotter <0.2.2 - Info Disclosure

CVE-2024-56738 MEDIUM

GNU GRUB2 < 2.12 - Observable Timing Discrepancy in grub_crypto_memcmp

CVE-2024-54454 MEDIUM

Kurmi Provisioning Suite <7.9.0.35, 7.10.x-7.10.0.18, 7.11.x-7.11.0...

CVE-2024-47150 LOW

Honor MagicOS 8.0-8.0.0.135 - Information Disclosure

Previous Page 4 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy