62 matches found

Redos
added 15 hours ago, 2 views

ROS-20260605-73-0035

The vulnerability in Tomcat10 is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9.8 | AI score 7.7 | EPSS 0.00139
Exploits: 0

Snyk
added 2026/04/28 12:0 a.m., 3 views

Generation of Error Message Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

CVSS 6.3 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 2

EUVD
added 2026/04/08 6:34 p.m., 2 views

EUVD-2025-209308

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 3

CVE
added 2026/04/08 4:41 p.m., 5 views

CVE-2025-14243

CVE-2025-14243 concerns the OpenShift Mirror Registry. The vulnerability allows an unauthenticated remote attacker to enumerate valid usernames and email addresses by eliciting different error messages during authentication failures and account creation. Affected component: OpenShift Mirror Regis...

CVSS 5.3 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/08 4:41 p.m., 2 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 2

Cvelist
added 2026/04/08 4:41 p.m., 18 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | EPSS 0.00077
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/08 12:0 a.m., 1 views

PT-2026-31329

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 3

CNNVD
added 2026/04/08 12:0 a.m., 2 views

Red Hat OpenShift Mirror Registry Security Vulnerability

Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There is a security vulnerability in Red Hat OpenShift Mirror Registry. This vulnerability stems from failed authentication processes and different error messages during account...

CVSS 5.3 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/11 7:23 p.m., 6 views

Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary: The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 3 | Affected Software: 2

Github Security Blog
added 2026/02/25 6:53 p.m., 6 views

Rucio WebUI has Username Enumeration via Login Error Message

Summary: The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details: When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

CVSS 5.3 | AI score 5.6 | EPSS 0.00077
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2025/12/10 8:51 p.m., 16 views

CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

CVSS 6.9 | EPSS 0.00054
Exploits: 1 | References: 4

NVD
added 2025/12/04 10:15 p.m., 1 views

CVE-2025-65899

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users usernotfound versus valid users with incorrect passwords invalidpassword. This observable response discrepancy allows...

CVSS 5.3 | EPSS 0.0008
Exploits: 3 | References: 2

CVE
added 2025/11/11 8:20 p.m., 8 views

CVE-2025-40760

Affected product: Altair Grid Engine before 2026.0.0. Root cause: error handling mishandling during user authentication leads to disclosure of password hashes of privileged accounts. Impact: local attacker could recover password hashes for offline brute-forcing. Evidence across connected sources ...

CVSS 6.8 | AI score 6.2 | EPSS 0.00015
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/24 5:33 p.m., 4 views

CVE-2025-34155

Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...

CVSS 6.9 | AI score 7 | EPSS 0.00226
Exploits: 0 | References: 1

Snyk
added 2025/10/17 5:58 p.m., 2 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of user accounts by analyzing differences in error messages presented during authentication attempts. Remediation: Upgrade ibexa/user to version 5.0.3 or...

CVSS 6.9 | AI score 7
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3708

Malware in sbrugna...

CVSS 7.2 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-8150

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0049
Exploits: 0 | References: 8

RedhatCVE
added 2025/09/20 9:13 p.m., 5 views

CVE-2025-55068

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition...

CVSS 8.8 | AI score 7 | EPSS 0.00081
Exploits: 0 | References: 1

NVD
added 2025/09/18 9:15 p.m., 4 views

CVE-2025-55068

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition...

CVSS 8.8 | EPSS 0.00081
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/18 8:42 p.m., 2 views

CVE-2025-55068 Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition...

CVSS 8.8 | AI score 6.7 | EPSS 0.00081
Exploits: 0 | References: 2