CWE-204: CWE-204

CVE-2025-46390 is an observable response discrepancy vulnerability (CWE-204) that allows attackers to infer sensitive information by analyzing differe...

CVE-2021-20049 is a username enumeration vulnerability in SonicWall SMA100's password change API that allows unauthenticated attackers to determine va...

ChurchCRM versions before 6.5.0 echo plaintext passwords back in HTTP responses, allowing attackers to steal user credentials. This affects all Church...

This vulnerability in Grav's admin plugin allows attackers to enumerate valid usernames and discover associated email addresses through the 'Forgot Pa...

This vulnerability allows attackers to determine whether specific usernames exist in a system by measuring differences in login response times. This e...

A user enumeration vulnerability in FormaLMS 4.1.18 and earlier allows unauthenticated attackers to determine valid usernames via the password recover...

CVE-2026-25509 is an email enumeration vulnerability in CI4MS, a CodeIgniter 4-based CMS skeleton. Unauthenticated attackers can determine whether spe...

CVE-2026-24664 is a username enumeration vulnerability in Open eClass (formerly GUnet eClass) that allows unauthenticated attackers to identify valid ...

CVE-2026-23511 is a user enumeration vulnerability in ZITADEL identity management platform that allows unauthenticated attackers to confirm valid user...

Pega Platform versions 7.1.0 through Infinity 25.1.0 have a user enumeration vulnerability in the deprecated basic authentication feature. Attackers c...

Gridscale X Prepay versions before V4.2.1 have a user enumeration vulnerability where attackers can distinguish between valid and invalid users based ...

CVE-2025-65899 is a user enumeration vulnerability in Kalmia CMS that allows unauthenticated attackers to determine valid usernames by observing diffe...

Medtronic CareLink Network has an information disclosure vulnerability where unauthenticated remote attackers can query an API endpoint to determine i...

Windu CMS version 4.1 is vulnerable to user enumeration during login, allowing attackers to determine valid usernames by analyzing response difference...

Omnissa Workspace ONE UEM has an observable response discrepancy vulnerability that allows attackers to enumerate sensitive information like tenant ID...

This vulnerability allows unauthenticated remote attackers to enumerate valid usernames on D-Link Nuclias Connect systems by observing different error...

This vulnerability allows unauthenticated attackers to enumerate valid email addresses on D-Link Nuclias Connect systems by exploiting response differ...

This vulnerability in Icinga DB Web allows authorized users to bypass variable protection mechanisms and guess values of protected or hidden custom va...

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

This vulnerability allows attackers to enumerate valid usernames on Trivision NC-227WF devices by exploiting inconsistent error messages during login ...

This vulnerability in Saleor e-commerce platform allows attackers to determine whether a specific email address exists in the system by analyzing erro...

This vulnerability in Tuleap's forgot password form allows attackers to enumerate valid usernames by observing differences in response times or error ...

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

This CVE describes an Observable Response Discrepancy vulnerability in Tridium Niagara Framework and Enterprise Security that allows cryptanalysis. At...

This CVE describes a timing attack vulnerability in Umbraco CMS that allows attackers to determine whether specific user accounts exist by analyzing p...

This vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows remote attackers to enumerate valid usernames by analyzing differences in error mess...

CVE-2025-23193 is an information disclosure vulnerability in SAP NetWeaver Server ABAP that allows unauthenticated attackers to determine whether spec...

This vulnerability in pimcore/admin-ui-classic-bundle allows attackers to enumerate valid user accounts via the 'Forgot password' function due to impr...

IBM Aspera Faspex versions 5.0.0 through 5.0.10 can leak sensitive username information through observable response discrepancies. This vulnerability ...

This vulnerability in AWS Sign-in allows attackers to use timing differences in IAM user login responses to brute-force enumerate valid usernames in A...

This vulnerability allows unauthenticated attackers to enumerate valid user accounts on Fortinet products by observing differences in login response b...

This vulnerability in Cisco ECE allows unauthenticated remote attackers to enumerate valid usernames by analyzing differences in authentication respon...

This vulnerability in NetCat CMS allows attackers to determine whether specific usernames exist in the system by sending specially crafted HTTP reques...

This vulnerability allows unauthenticated remote attackers to distinguish between valid and invalid usernames in Mendix applications using basic authe...

This CVE describes an observable response discrepancy vulnerability in Loway software where attackers can infer information about system state through...

This vulnerability in web-auth/webauthn-lib allows attackers to enumerate valid usernames when WebAuthn is used as the primary authentication method. ...

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4 have a username and password error response discrepancy that allows attackers t...

This vulnerability in Logpoint allows attackers to enumerate valid usernames by timing responses from the Forgot Password endpoint. Attackers can iden...

This vulnerability in IBM Cognos Controller allows remote attackers to enumerate valid usernames by analyzing differences in error messages. Attackers...

This CVE reveals that Discord's WebSocket API leaks information about users who set their status to 'Invisible'. The API incorrectly includes invisibl...

This vulnerability in SAP Financial Service Claims Management allows attackers to enumerate valid user accounts and potentially disclose personal data...

IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 contain an information disclosure vulnerability where authentic...

The goTenna Pro App fails to pad broadcasted frames with extra characters, allowing attackers to determine the length of encrypted messages. This info...

This vulnerability in Mastodon allows attackers to confirm the existence of private statuses by sending requests with non-English Accept-Language head...

IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to determine valid user accounts by anal...