265 matches found

Cvelist
added 2 days ago | 31 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions <=11.6, 10.18.11, 11.3.6, 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

CVSS 6.8 | EPSS 0.00325
Exploits: 0 | References: 1
CVE
added 2 days ago | 8 views

CVE-2026-9699

Mattermost Plugins versions

CVSS 6.8 | AI score 5.8 | EPSS 0.00325
Exploits: 0 | References: 1
Veracode
added 2026/06/16 7:55 a.m. | 8 views

Information Disclosure

Spring Web Services is vulnerable to Information Disclosure. The vulnerability is due to overly detailed authentication error handling in Spring Security integration paths, where account state information such as whether a user account is locked or disabled can be exposed through SOAP fault...

CVSS 5.3 | AI score 5.3 | EPSS 0.00366
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/06/12 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-40997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clien...

CVSS 5.3 | AI score 5.7 | EPSS 0.00366
Exploits: 0 | References: 2
EUVD
added 2026/06/11 5:04 a.m. | 9 views

EUVD-2026-36207

Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

CVSS 5.3 | AI score 5.5 | EPSS 0.00366
Exploits: 0 | References: 1
CVE
added 2026/06/11 5:04 a.m. | 33 views

CVE-2026-40997

The CVE-2026-40997 issue affects Spring Web Services: versions 5.0.0–5.0.1, 4.1.0–4.1.3, 4.0.0–4.0.18, and 3.1.0–3.1.8. The vulnerability arises when several Spring WS integration paths with Spring Security reveal detailed account state (e.g., locked or disabled user semantics) to remote SOAP cli...

CVSS 5.3 | AI score 5.5 | EPSS 0.00366
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/11 12:00 a.m. | 13 views

PT-2026-48620

Name of the Vulnerable Software and Affected Versions: Spring Web Services versions 5.0.0 through 5.0.1; Spring Web Services versions 4.1.0 through 4.1.3; Spring Web Services versions 4.0.0 through 4.0.18; Spring Web Services versions 3.1.0 through 3.1.8. Description: Integration paths between Spring W...

CVSS 5.3 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 7
Redos
added 2026/06/05 12:00 a.m. | 6 views

ROS-20260605-73-0035

The vulnerability in Tomcat10 is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9.8 | AI score 7.7 | EPSS 0.01233
Exploits: 1
Snyk
added 2026/04/28 12:00 a.m. | 5 views

Generation of Error Message Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

CVSS 6.3 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 2
EUVD
added 2026/04/08 6:34 p.m. | 7 views

EUVD-2025-209308

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 3
Cvelist
added 2026/04/08 4:41 p.m. | 19 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | EPSS 0.00287
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/08 4:41 p.m. | 2 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 2
CVE
added 2026/04/08 4:41 p.m. | 10 views

CVE-2025-14243

CVE-2025-14243 concerns the OpenShift Mirror Registry. The vulnerability allows an unauthenticated remote attacker to enumerate valid usernames and email addresses by eliciting different error messages during authentication failures and account creation. Affected component: OpenShift Mirror Regis...

CVSS 5.3 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/08 12:00 a.m. | 5 views

Red Hat OpenShift Mirror Registry Security Vulnerability

Red Hat OpenShift Mirror Registry is a lightweight container image repository service provided by Red Hat Corporation. There is a security vulnerability in Red Hat OpenShift Mirror Registry. This vulnerability stems from failed authentication processes and different error messages during account...

CVSS 5.3 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/08 12:00 a.m. | 3 views

PT-2026-31329

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

CVSS 5.3 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/11 7:23 p.m. | 10 views

Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary: The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 3 | Affected Software: 2
Github Security Blog
added 2026/02/25 6:53 p.m. | 9 views

Rucio WebUI has Username Enumeration via Login Error Message

Summary: The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details: When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

CVSS 5.3 | AI score 5.6 | EPSS 0.00327
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2025/12/10 8:51 p.m. | 19 views

CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

CVSS 6.9 | EPSS 0.00336
Exploits: 1 | References: 4
NVD
added 2025/12/04 10:15 p.m. | 3 views

CVE-2025-65899

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users ("user_not_found") versus valid users with incorrect passwords ("invalid_password"). This observable response discrepancy allows...

CVSS 5.3 | EPSS 0.00308
Exploits: 3 | References: 2
CVE
added 2025/11/11 8:20 p.m. | 14 views

CVE-2025-40760

Affected product: Altair Grid Engine before 2026.0.0. Root cause: error handling mishandling during user authentication leads to disclosure of password hashes of privileged accounts. Impact: local attacker could recover password hashes for offline brute-forcing. Evidence across connected sources ...

CVSS 6.8 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 1