By weakness (CWE)

CWE-208: related vulnerabilities

CVEs classified under CWE-208. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-45410MEDIUM 5.3

    TREK, a collaborative travel planning application, contains a user enumeration vulnerability in its login process that allows attackers to determine whether specific email addresses have accounts in the system. The flaw stems from a timing discrepancy: when a user submits a login attempt with a valid email address, the backend takes approximately 370 milliseconds to complete its password check before denying access. For non-existent accounts, the system responds in roughly 10 milliseconds. This 14-fold difference in response time leaks account existence information without any change in HTTP status codes or error messages, making it detectable through simple response timing analysis. The issue has been resolved in version 3.0.18.