Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-204

CWE-204

Observable Response Discrepancy

Parent: CWE-203 - Observable Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

157 vulnerabilities with CWE-204

CVE-2026-43926 MEDIUM

FOSSBilling's password reset confirmation endpoint lacks rate limiting

CVE-2026-45294 MEDIUM

FreeScout: User Account Enumeration via Password Reset Response Differentiation

CVE-2026-45620 MEDIUM

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

CVE-2026-44306 MEDIUM

Statamic: Email enumeration via forgot password endpoint

CVE-2026-8242 LOW

Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

CVE-2026-20195 MEDIUM

Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

CVE-2026-34319 MEDIUM

MySQL Shell 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 - Denial of Service via Shell Core Client

CVE-2026-24468 MEDIUM

OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API

CVE-2026-40485 MEDIUM

ChurchCRM: Username Enumeration via Differential Response in Public Login API

CVE-2026-34264 MEDIUM

Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA

CVE-2026-4113 HIGH

SonicWall SMA1000 <12.4.3-03245 - Info Disclosure

CVE-2026-39851 MEDIUM

Saleor requestEmailChange() - User Enumeration

CVE-2026-33419 HIGH

MinIO: LDAP login brute-force via user enumeration and missing rate limit

CVE-2026-33323 MEDIUM

Parse Server: Email verification resend page leaks user existence

CVE-2026-33688 MEDIUM

AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

CVE-2026-30876 MEDIUM

Chamilo LMS: User enumeration vulnerability via response

CVE-2026-2859 MEDIUM

Checkmk 2.4.0-2.4.0p22/2.3.0-2.3.0p42 - Info Disclosure

CVE-2026-24097 MEDIUM

Checkmk 2.4.0-2.4.0p22, 2.3.0-2.3.0p42 - Info Disclosure

CVE-2026-4045 LOW

projectsend r1945 - Info Disclosure

CVE-2026-31901 MEDIUM

Parse Server <8.6.34/9.6.0-alpha.8 - Info Disclosure

CVE-2026-31888 MEDIUM

Shopware <6.7.8.1/6.6.10.15 - Info Disclosure

CVE-2026-28358 MEDIUM

NocoDB < 0.301.3 - User Enumeration via Password Reset Endpoint

CVE-2026-28288 MEDIUM

Dify < 1.9.0 - Email Enumeration via Observable Response Discrepancy

CVE-2026-25138 MEDIUM

Rucio <35.8.3/<38.5.4/<39.3.1 - Info Disclosure

CVE-2026-27480 MEDIUM

Static Web Server 2.1.0-2.40.1 - Auth Bypass

Page 1 of 7 Next

Details

Vulnerabilities 157

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy