Weaknesses of type CWE-203

294 results
CVE-2022-39228 [MEDIUM]: Observable Response Discrepancy in vantage6 (EPSS 0.6%)
CVE-2024-11297 [MEDIUM]: Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure (EPSS 0.6%)
CVE-2024-43546 [MEDIUM]: Windows Cryptographic Information Disclosure Vulnerability (EPSS 0.6%)
CVE-2022-3143 [HIGH]: wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.A (EPSS 0.6%)
CVE-2024-9398 [MEDIUM]: By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application whi (EPSS 0.6%)
CVE-2023-32691 [MEDIUM]: ginuerzh/gost vulnerable to Timing Attack (EPSS 0.6%)
CVE-2018-16868 [MEDIUM]: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 (EPSS 0.6%)
CVE-2022-45163 [MEDIUM]: An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i (EPSS 0.6%)
CVE-2022-35888 [MEDIUM]: Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extract (EPSS 0.6%)
CVE-2025-1468 [HIGH]: CODESYS Control V3 - OPC UA Server Authentication bypass (EPSS 0.6%)
CVE-2023-0440 [MEDIUM]: Observable Discrepancy in healthchecks/healthchecks (EPSS 0.6%)
CVE-2024-22647 [MEDIUM]: An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error m (EPSS 0.6%)
CVE-2022-34477 [HIGH]: The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cros (EPSS 0.6%)
CVE-2024-50382 [MEDIUM]: Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in (EPSS 0.5%)
CVE-2023-26560 [MEDIUM]: Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arb (EPSS 0.5%)
CVE-2024-50383 [MEDIUM]: Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna12 (EPSS 0.5%)
CVE-2023-6935 [MEDIUM]: Marvin Attack vulnerability in SP Math All RSA (EPSS 0.5%)
CVE-2024-26268 [MEDIUM]: User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 2 (EPSS 0.5%)
CVE-2023-24598: OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the priv (EPSS 0.5%)
CVE-2023-39522 [MEDIUM]: Username enumeration attack in goauthentik (EPSS 0.5%)