CWE-203 · Observable Discrepancy

739 CVEs classified under CWE-203 (Observable Discrepancy). Browse by severity and year.

Top CVEs for CWE-203
CVE | Severity | Score | Published | Summary
CVE-2019-25337 | Critical | 9.8 | 2026-02-12 | OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Att…
CVE-2026-23519 | Critical | 9.8 | 2026-01-15 | RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches b…
CVE-2025-27667 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-001…
CVE-2024-25714 | Critical | 9.8 | 2024-02-11 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when…
CVE-2024-25191 | Critical | 9.8 | 2024-02-08 | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVE-2024-25190 | Critical | 9.8 | 2024-02-08 | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVE-2024-25189 | Critical | 9.8 | 2024-02-08 | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVE-2024-23771 | Critical | 9.8 | 2024-01-22 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication vi…
CVE-2023-40756 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacke…
CVE-2022-23304 | Critical | 9.8 | 2022-01-17 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access pattern…
CVE-2022-23303 | Critical | 9.8 | 2022-01-17 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. N…
CVE-2019-10071 | Critical | 9.8 | 2019-09-16 | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC sign…
CVE-2018-1000884 | Critical | 9.8 | 2018-12-20 | Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Ti…
CVE-2025-10890 | Critical | 9.1 | 2025-09-24 | Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (C…
CVE-2023-26556 | Critical | 9.1 | 2023-04-21 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypt…
CVE-2022-40895 | Critical | 9.1 | 2022-10-06 | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity…
CVE-2026-41588 | Critical | 9.0 | 2026-05-08 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue h…
CVE-2021-1924 | Critical | 9.0 | 2021-11-12 | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti…
CVE-2020-3509 | High | 8.6 | 2020-09-24 | A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacke…
CVE-2023-5410 | High | 8.2 | 2024-03-12 | A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigati…