Weaknesses of type CWE-203
294 resultsCVE-2020-10369MEDIUMCertain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory conteEPSS 0.4%CVE-2020-10367MEDIUMCertain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra"EPSS 0.4%CVE-2025-6386HIGHTiming Attack Vulnerability in parisneo/lollmsEPSS 0.4%CVE-2025-9109MEDIUMPortabilis i-Diario Password Recovery Endpoint email observable response discrepancyEPSS 0.4%CVE-2026-26895MEDIUMUser enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the plEPSS 0.4%CVE-2024-54454MEDIUMAn issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable REPSS 0.4%CVE-2021-34576MEDIUMObservable discrepancy in Kaden PICOFLUX AiR leaks water consumptionEPSS 0.4%CVE-2023-46739MEDIUMTiming attack can leak user passwordsEPSS 0.4%CVE-2025-57770MEDIUMZITADEL user enumeration vulnerability in login UIEPSS 0.4%CVE-2024-1544MEDIUMECDSA nonce bias caused by truncationEPSS 0.3%CVE-2026-26185MEDIUMDirectus Affected by User Enumeration via Password Reset Timing AttackEPSS 0.3%CVE-2023-54357HIGHJoomla com_booking 2.4.9 Information Disclosure via Account EnumerationEPSS 0.3%CVE-2025-32789LOWEspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting FunctionEPSS 0.3%CVE-2021-47664MEDIUMEnumeration of valid user namesEPSS 0.3%CVE-2023-32694MEDIUMNon-constant time HMAC comparison in Adyen plugin in SaleorEPSS 0.3%CVE-2024-41880MEDIUMIn veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and pEPSS 0.3%CVE-2020-36888MEDIUMSpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login ScriptEPSS 0.3%CVE-2024-45678MEDIUMYubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extracEPSS 0.3%CVE-2023-5872MEDIUMWago: Vulnerability in Smart Designer Web-ApplicationEPSS 0.3%CVE-2025-6056MEDIUMTiming difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackeEPSS 0.3%