929 matches found
CVE-2025-12455
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...
CVE-2025-12455 Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...
CVE-2025-12455
Technical details are not publicly provided in the supplied documents. Monitor for updates regarding affected products and versions.
CVE-2025-12455 Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...
CVE-2026-24097 Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...
PT-2026-25370
CVE-2025-13460 IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy. https://t.co/sTiAd3lLOs...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Console
Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.9 Vulnerability Details CVEID:CVE-2025-13459 DESCRIPTION: IBM Aspera Console could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. CWE:CWE-841: Improper...
CVE-2026-4045 projectsend Auth.php response discrepancy
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
CVE-2026-4045
CVE-2026-4045 affects projectsend up to r1945, specifically an issue in includes/Classes/Auth.php where manipulating the ldap_email argument can cause observable response discrepancy. attack can be executed remotely with high complexity and is reported as a low-severity (CVSS ~3.7) issue, with ex...
CVE-2026-4045 projectsend Auth.php response discrepancy
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass
Summary The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...
@perfood/couch-auth has an Observable Timing Discrepancy
An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
GHSA-MJQR-5C55-G77H @perfood/couch-auth has an Observable Timing Discrepancy
An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
CVE-2025-70949
An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...
SUSE-SU-2026:0790-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
FormaLMS 4.1.18 and earlier is affected by a user-enumeration flaw in the password-recovery endpoint (/lostpwd). The app returns different error messages for valid versus invalid usernames, enabling unauthenticated attackers to determine registered usernames via observable responses. The descript...