CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

123 matches found

Cvelist•added 2026/05/12 9:30 p.m.•28 views

CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS0.00037EPSS

Exploits0References1

Snyk•added 2026/03/25 7:53 p.m.•0 views

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the userRecoverPass.php endpoint. An attacker can obtain information about the existence and status of user accounts by sending crafted...

6.9CVSS5.8AI score0.00086EPSS

Exploits1References2

Snyk•added 2026/03/11 8:42 p.m.•1 views

Information Exposure

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Information Exposure via the POST /store-api/account/login endpoint returning distinct error codes and echoing the probed email address. An attacker c...

6.9CVSS5.8AI score0.00055EPSS

Exploits0References2

Cvelist•added 2026/02/27 8:25 p.m.•16 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS0.00453EPSS

Exploits1References2

Github Security Blog•added 2026/02/25 6:53 p.m.•4 views

Rucio WebUI has Username Enumeration via Login Error Message

Summary The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

5.3CVSS5.6AI score0.00077EPSS

Exploits1References7Affected Software1

Vulnrichment•added 2026/02/24 4:43 p.m.•1 views

CVE-2025-62512 Piwigo Vulnerable to User Enumeration via Password Reset Endpoint

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS5.9AI score0.02388EPSS

Exploits1References1

CVE•added 2026/02/06 8:47 p.m.•8 views

CVE-2026-25597

Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...

5.3CVSS5.5AI score0.0006EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2026/02/03 9:13 p.m.•9 views

PrestaShop affected by time based enumeration in FO login form

Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. Patches 8.2.4 and 9.0.3 Workarounds none References Found by L...

5.3CVSS5.5AI score0.0006EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/02/03 12:0 a.m.•1 views

PT-2026-6377

5.3CVSS5.5AI score

Exploits0References5

RedhatCVE•added 2026/01/09 11:15 a.m.•0 views

CVE-2021-0391

In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.8CVSS6.7AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:5 a.m.•1 views

CVE-2024-41952

Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...

5.3CVSS6.7AI score0.00909EPSS

Exploits0References1

Veracode•added 2025/12/31 10:32 a.m.•4 views

User Enumeration

ibexa/user is vulnerable to User Enumeration. The vulnerability is due to overly descriptive error messages, which allows an attacker to determine whether a user account exists by observing differences in error responses...

6.9AI score

Exploits0

CNNVD•added 2025/12/02 12:0 a.m.•2 views

Horde Groupware 信息泄露漏洞

Horde Groupware is a collaboration software suite from Horde Open Source. An information disclosure vulnerability exists in Horde Groupware version v5.2.22, which originates from an unauthenticated attacker being able to determine whether a valid account exists by sending an HTTP request...

6.9CVSS6AI score0.0005EPSS

Exploits0References1

EUVD•added 2025/10/22 3:31 p.m.•1 views

EUVD-2025-35362

In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...

4.3CVSS6.6AI score0.00526EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2006-0400

Malware in sbrugna...

4CVSS6.4AI score0.00988EPSS

Exploits1References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2007-2760

Malware in sbrugna...

4.3CVSS8.4AI score0.00189EPSS

Exploits1References5