CWE-203
Observable Discrepancy (Side-Channel)
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 7 of 7- CVE-2024-39891Medium· 5.3KEVEPSS 17%1 d ago
Twilio Authy Information Disclosure Vulnerability
- CVE-2026-11284Medium· 6.5EPSS 0%4 d ago
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11289Medium· 6.5EPSS 0%4 d ago
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2022-3907High· 7.5EPSS 1%4 d ago
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.
- CVE-2022-46392Medium· 5.3EPSS 0%7 d ago
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA pr
- CVE-2020-10932Medium· 4.7EPSS 0%7 d ago
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of
- CVE-2024-23170Medium· 5.5EPSS 0%7 d ago
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the atta
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.