Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2024-36996 MEDIUM

Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.109 User Enumeration via SAML

CVE-2024-38322 MEDIUM

IBM Storage Defender - Resiliency Service <2.0.5 - Info Disclosure

CVE-2024-6129 LOW

spa-cartcms 1.9.0.6 - Observable Behavioral Discrepancy via Email Parameter

CVE-2024-6056 LOW

nasirkhan/laravel_starter < 11.8.0 - Observable Response Discrepancy via Password Reset Email Parameter

CVE-2024-38465 MEDIUM

Shenzhen Guoxin Synthesis <8.3.0 - Info Disclosure

CVE-2024-31870 LOW

IBM Db2 for i <7.6 - Info Disclosure

CVE-2024-32926 MEDIUM

Android - Local Information Disclosure via Side Channel

CVE-2024-5697 MEDIUM

Firefox < 127 - Screenshot Detection via Built-in Screenshot Functionality

CVE-2024-5690 MEDIUM

Firefox < 127.0 and ESR < 115.12 - Information Disclosure via External Protocol Handler Timing

CVE-2024-37880 HIGH

pq-crystals/kyber < 2024-06-03 - Timing Side-Channel Attack via Secret-Dependent Branch in poly_frommsg

CVE-2024-2408 MEDIUM

PHP >=8.1.0 <8.1.29 - Observable Discrepancy via OpenSSL PKCS1 Padding

CVE-2024-31878 MEDIUM

IBM i 7.2-7.5 - SST User Enumeration

CVE-2024-5124 HIGH

gaizhenbiao/chuanhuchatgpt <20240310 - Info Disclosure

CVE-2024-30171 MEDIUM

Bouncy Castle Java TLS API & JSSE Provider <1.78 - Info Disclosure

CVE-2024-27839 LOW

iPadOS < 17.5 - Unprotected User Location Exposure

CVE-2024-30176 MEDIUM

Logpoint SIEM < 7.4.0 - Username Enumeration via Shared Widget URLs

CVE-2024-30257 LOW

1Panel < 1.10.3-lts - Timing Attack via Password Verification

CVE-2024-26221 HIGH

Windows Server RCE (2016 < 10.0.14393.6897, 2019 < 10.0.17763.5696, 2022 < 10.0.20348.2402, 23H2 < 10.0.25398.830)

CVE-2024-2464 MEDIUM

CDeX < 5.71 - User Enumeration via Password Recovery Message Discrepancy

CVE-2024-28868 LOW

Umbraco CMS 10.0.0-10.8.4 - User Enumeration via Native Login Screen

CVE-2024-25651 MEDIUM

Delinea Secret Server 11.4 - User Enumeration via OAuth2 Token Endpoint

CVE-2024-24766 MEDIUM

CasaOS-UserService 0.4.4.3-0.4.6 - Username Enumeration via Login Error Messages

CVE-2024-0436 MEDIUM

AnythingLLM < 1.0.0 - Timing Attack via Password Comparison

CVE-2024-26268 MEDIUM

Liferay Portal 7.2.0-7.4.3.26 and DXP < 7.4 Update 27 - User Enumeration via Response Time Discrepancy

CVE-2024-25714 CRITICAL

Rhonabwy < 1.1.13 - Timing Side-Channel Attack via HMAC Signature Verification

Previous Page 7 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy