By weakness (CWE)

CWE-203: related vulnerabilities

CVEs classified under CWE-203. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-45294MEDIUM 5.3

    FreeScout, a Laravel-based open-source help desk platform, leaks information about whether an email address is registered as a helpdesk agent account. An attacker can repeatedly submit email addresses to the password reset feature and observe different visual responses that reveal which accounts exist—a technique called user enumeration. This flaw affects all versions before 1.8.219 and requires no authentication or user interaction to exploit.

  • CVE-2026-45410MEDIUM 5.3

    TREK, a collaborative travel planning application, contains a user enumeration vulnerability in its login process that allows attackers to determine whether specific email addresses have accounts in the system. The flaw stems from a timing discrepancy: when a user submits a login attempt with a valid email address, the backend takes approximately 370 milliseconds to complete its password check before denying access. For non-existent accounts, the system responds in roughly 10 milliseconds. This 14-fold difference in response time leaks account existence information without any change in HTTP status codes or error messages, making it detectable through simple response timing analysis. The issue has been resolved in version 3.0.18.