CWE-203 · Observable Discrepancy
739 CVEs classified under CWE-203 (Observable Discrepancy).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-25337 | Critical | 9.8 | 2026-02-12 | OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Att… |
| CVE-2026-23519 | Critical | 9.8 | 2026-01-15 | RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches b… |
| CVE-2025-27667 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-001… |
| CVE-2024-25714 | Critical | 9.8 | 2024-02-11 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when… |
| CVE-2024-25191 | Critical | 9.8 | 2024-02-08 | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
| CVE-2024-25190 | Critical | 9.8 | 2024-02-08 | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
| CVE-2024-25189 | Critical | 9.8 | 2024-02-08 | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
| CVE-2024-23771 | Critical | 9.8 | 2024-01-22 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication vi… |
| CVE-2023-40756 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacke… |
| CVE-2022-23304 | Critical | 9.8 | 2022-01-17 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access pattern… |
| CVE-2022-23303 | Critical | 9.8 | 2022-01-17 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. N… |
| CVE-2019-10071 | Critical | 9.8 | 2019-09-16 | The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC sign… |
| CVE-2018-1000884 | Critical | 9.8 | 2018-12-20 | Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Ti… |
| CVE-2025-10890 | Critical | 9.1 | 2025-09-24 | Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (C… |
| CVE-2023-26556 | Critical | 9.1 | 2023-04-21 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypt… |
| CVE-2022-40895 | Critical | 9.1 | 2022-10-06 | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity… |
| CVE-2026-41588 | Critical | 9.0 | 2026-05-08 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue h… |
| CVE-2021-1924 | Critical | 9.0 | 2021-11-12 | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti… |
| CVE-2020-3509 | High | 8.6 | 2020-09-24 | A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacke… |
| CVE-2023-5410 | High | 8.2 | 2024-03-12 | A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigati… |