CWE-203: CWE-203
All CWE-203 CVEs (94)
This vulnerability in Bouncy Castle's Java TLS implementation allows timing-based side-channel attacks during RSA handshakes. Attackers can potentiall...
May 14, 2024

This Windows cryptographic vulnerability allows attackers to disclose sensitive information from memory. It affects Windows systems with cryptographic...
Jan 14, 2025

This Windows vulnerability allows attackers to obtain cryptographic information that could help them decrypt protected data or bypass security mechani...
Oct 8, 2024

This CVE describes a side-channel information disclosure vulnerability in Android that allows local attackers to access screen-displayed data without ...
Sep 4, 2025

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sens...
Dec 26, 2024

This macOS vulnerability allows applications to access sensitive user data they shouldn't have permission to view. It affects users running vulnerable...
Dec 12, 2024

CVE-2020-10369 is a side-channel vulnerability in certain Cypress/Broadcom wireless chips that allows attackers to infer memory content via a 'Spectra...
Nov 10, 2024

This CVE addresses a side-channel vulnerability in the Linux kernel's ICMP rate limiting implementation. The vulnerability could allow attackers to in...
Oct 21, 2024

CVE-2022-48730 is a Spectre v1 vulnerability in the Linux kernel's DMA-BUF heaps subsystem where user-supplied input could be used as an array in...
Jun 20, 2024

CVE-2024-32926 is a side-channel information disclosure vulnerability in Android Pixel devices that could allow local attackers to access sensitive in...
Jun 13, 2024

This timing-based user enumeration vulnerability in Directus allows attackers to determine whether specific usernames/emails exist in the system by me...
Feb 12, 2026

This vulnerability in AnythingLLM allows attackers to determine whether specific usernames exist in the system by observing different error messages f...
Jan 3, 2026

REDCap 14.3.13 has a username enumeration vulnerability where attackers can distinguish between valid and invalid usernames based on response time dif...
Jan 2, 2026

CVE-2023-53943 is a username enumeration vulnerability in GLPI's password recovery mechanism that allows attackers to determine valid user email addre...
Dec 18, 2025

CVE-2025-39665 is an information disclosure vulnerability in Nagvis' Checkmk MultisiteAuth plugin that allows unauthenticated attackers to enumerate v...
Dec 3, 2025

This vulnerability in OpenAtlas v8.12.0 allows remote attackers to enumerate valid usernames through login error messages. Attackers can determine whi...
Nov 24, 2025

This vulnerability allows attackers to enumerate valid usernames in Joomla's passkey authentication system by observing differences in authentication ...
Sep 30, 2025

This vulnerability allows remote attackers to determine if user accounts exist in Liferay Portal/DXP by exploiting the create account page. Attackers ...
Aug 22, 2025

This CVE describes a user enumeration vulnerability in eGroupWare's calendar/freebusy.php endpoint. Unauthenticated remote attackers can determine val...
Jul 11, 2025

This vulnerability in Kanboard allows attackers to enumerate valid usernames and bypass IP-based brute-force protection mechanisms. By analyzing login...
Jun 25, 2025

CVE-2021-47664 allows unauthenticated remote attackers to enumerate valid usernames due to improper authentication mechanisms. This affects systems wi...
Apr 24, 2025

This vulnerability allows unauthenticated remote attackers to determine valid usernames on affected Siemens devices by analyzing login response time d...
Feb 11, 2025

This vulnerability allows attackers to enumerate valid usernames in Dependency-Track by measuring response time differences during login attempts. Onl...
Dec 4, 2024

This vulnerability in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to enumerate valid usernames by analyzing d...
Nov 18, 2024

This vulnerability allows attackers to detect whether specific protocol handler applications are installed on a user's system by exploiting how Firefo...
Oct 1, 2024

This vulnerability in Intel processors' RAPL (Running Average Power Limit) interface allows a privileged user to potentially disclose information thro...
Sep 16, 2024

This vulnerability allows attackers to determine whether specific user accounts exist in ORDAT FOSS-Online by analyzing differences in server response...
Sep 12, 2024

This vulnerability in Zitadel identity management system allows attackers to enumerate valid usernames when the 'Ignoring unknown usernames' security ...
Jul 31, 2024

This vulnerability in Veilid's veilid-core allows attackers to misuse the ping function to degrade the effectiveness of safety and private routes. Thi...
Jul 22, 2024

IBM i Service Tools Server (SST) versions 7.2 through 7.5 are vulnerable to user enumeration by remote attackers. This allows malicious actors to iden...
Jun 7, 2024

CVE-2024-7881 is a speculative execution vulnerability in certain Arm CPUs where unprivileged code can trigger the data memory-dependent prefetcher to...
Jan 28, 2025

GFI MailEssentials AI versions before 22.4 contain an authenticated file enumeration vulnerability. An authenticated attacker can check whether arbitr...
Feb 19, 2026

This CVE describes an information disclosure vulnerability in Directus where unauthorized users can determine whether specific database collections ex...
Nov 13, 2025

IBM Aspera versions 5.0.0 through 5.0.13.1 contain an information disclosure vulnerability where authenticated users can access sensitive system infor...
Oct 9, 2025

This CVE describes an Observable Timing Discrepancy vulnerability in DivvyDrive Web that allows attackers to perform cross-domain search timing attack...
Sep 24, 2025

This vulnerability in Liferay Portal and DXP allows any authenticated user to enumerate other users' names by viewing their calendars. This informatio...
Aug 19, 2025

This vulnerability allows any authenticated user in Liferay Portal/DXP to modify email content sent through the calendar portlet, enabling phishing at...
Aug 19, 2025

CVE-2025-23182 is an observable discrepancy vulnerability (CWE-203) that allows attackers to infer sensitive information through timing differences or...
May 22, 2025

This vulnerability allows low-privileged attackers with network access and Create Session privilege to modify data in Oracle Database Core. It affects...
Oct 15, 2024

This vulnerability allows attackers with physical access and specialized electromagnetic equipment to extract ECDSA secret keys from YubiKey 5 Series ...
Sep 3, 2024

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sens...
Dec 26, 2024

This vulnerability in Entrinsik Informer v5.10.1 allows attackers to enumerate valid usernames by analyzing application responses during OTP and passw...
Dec 17, 2025

This vulnerability in JetBrains TeamCity allows attackers to enumerate open ports on the server when testing Perforce connections. It affects organiza...
Dec 16, 2025

WeKan versions before 8.19 have an information disclosure vulnerability where attachment metadata can be accessed by unauthorized users. This occurs b...
Feb 7, 2026

About CWE-203 (CWE-203)
Our database tracks 94 CVEs classified as CWE-203, with 9 rated critical and 38 rated high severity. The average CVSS score for CWE-203 vulnerabilities is 6.5.
External reference: View CWE-203 on MITRE CWE →