Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-203 (通过差异性导致的信息暴露) — Vulnerability Class 129

129 vulnerabilities classified as CWE-203 (通过差异性导致的信息暴露). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application — Smart Designer 4.3 Medium2026-04-16
CVE-2026-33429 Parse Server: Protected field change detection oracle via LiveQuery watch parameter — parse-server 3.7 -2026-03-24
CVE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter — discourse 5.3 -2026-03-20
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V — wolfSSL 5.5 -2026-03-19
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I — wolfSSL 7.5 -2026-03-19
CVE-2026-28490 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle — authlib--2026-03-16
CVE-2026-21386 Private channel enumeration via /mute slash command — Mattermost 4.3 Medium2026-03-16
CVE-2026-4040 OpenClaw File Existence tools.exec.safeBins information exposure — OpenClaw 3.3 Low2026-03-12
CVE-2026-26315 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake — go-ethereum 7.5 -2026-02-19
CVE-2026-23621 GFI MailEssentials AI < 22.4 ListServer.IsPathExist() Absolute Directory Traversal to File Enumeration — MailEssentials AI 4.3 Medium2026-02-19
CVE-2026-23620 GFI MailEssentials AI < 22.4 ListServer.IsDbExist() Absolute Directory Traversal to File Enumeration — MailEssentials AI 4.3 Medium2026-02-19
CVE-2019-25337 OwnCloud 8.1.8 - Username Disclosure — OwnCloud 9.8 Critical2026-02-12
CVE-2026-26185 Directus Affected by User Enumeration via Password Reset Timing Attack — directus 5.3 Medium2026-02-12
CVE-2026-25562 WeKan < 8.19 Attachments Publication Information Disclosure — WeKan 5.3AIMediumAI2026-02-07
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery — anything-llm 5.3 Medium2026-01-03
CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification — H3C SSL VPN 7.5 High2025-12-30
CVE-2023-53943 GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint — GLPI 5.3 Medium2025-12-18
CVE-2025-68164 JetBrains TeamCity 安全漏洞 — TeamCity 2.7 Low2025-12-16
CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM — wolfSSL 2.9AILowAI2025-12-11
CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script — Fusion Digital Signage 5.3AIMediumAI2025-12-10
CVE-2025-39665 Livestatus Injection in dynmaps — Nagvis 5.3AIMediumAI2025-12-03
CVE-2025-11932 Timing Side-Channel in PSK Binder Verification — wolfSSL 5.9 -2025-11-21
CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519 — wolfSSL 5.9 -2025-11-21
CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections — directus 4.3 Medium2025-11-13
CVE-2025-11145 User Enumeration in CBK Soft's enVision — enVision 7.5 High2025-10-24
CVE-2025-36225 IBM Aspera Faspex information disclosure — Aspera Faspex 4.3 Medium2025-10-09
CVE-2025-11443 JhumanJ OpnForm Forgotten Password email information exposure — OpnForm 3.7 Low2025-10-08
CVE-2025-54477 Joomla! Core - [20250902] User-Enumeration in passkey authentication method — Joomla! CMS 5.3AIMediumAI2025-09-30
CVE-2025-41252 Username enumeration vulnerability — NSX 7.5 High2025-09-29
CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled — WSO2 Identity Server 3.7 Low2025-09-26

Vulnerabilities classified as CWE-203 (通过差异性导致的信息暴露) represent 129 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.