Lucene search
K

231 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52071

Name of the Vulnerable Software and Affected Versions Ghost versions 5.18.0 through 6.21.0 Description A discrepancy in responses from the members signin endpoints allows an unauthenticated attacker to determine if a specific email address is registered as a member of the site. Recommendations...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 9:54 p.m.10 views

EUVD-2026-38393

Filament: Timing-based user enumeration on login page...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.6 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:40 p.m.5 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:40 p.m.22 views

CVE-2026-48166

CVE-2026-48166 — Filament timing-based user enumeration on login page . Affects Filament login page in versions 4.0.0–4.11.5 and 5.6.5 of Filament (Laravel component library). An observable timing discrepancy on login allows unauthenticated attackers to determine whether a given email is register...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51387

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References4
NVD
NVD
added 2026/06/20 4:17 p.m.17 views

CVE-2026-56267

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS0.00328EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.5 views

CVE-2026-56267

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38118

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.27 views

CVE-2026-56267

Flowise prior to version 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint. The endpoint returns full user objects including PII to unauthenticated attackers, enabling enumeration of valid email addresses and harvesting of sensitive data su...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django versions 5.1.1, 5.0.9, and 4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view that implements password reset processes, allows remote attackers to enumerate user email addresses by sending password reset requests and observing the...

5.3CVSS6.8AI score0.00805EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.15 views

CVE-2026-54396

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:48 p.m.13 views

EUVD-2026-36572

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS5.5AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:48 p.m.32 views

CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:48 p.m.23 views

CVE-2026-54396

CVE-2026-54396 describes an information disclosure in the MISP AuthKey edit functionality. When a validation error occurs, the user dropdown was populated from the attacker-controlled AuthKey.user_id in the submitted request, enabling an authenticated user with edit permission to enumerate user e...

5.3CVSS5.5AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:48 p.m.7 views

CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS5.5AI score0.00247EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/08 12:55 p.m.92 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Automated Exploit - Usage Guide What This S...

9.2CVSS5.5AI score0.00612EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.16 views

CVE-2026-7385

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

5.8CVSS5.5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.16 views

CVE-2026-33877

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint /api/v1/@apostrophecms/login/reset-request that allows unauthenticated username and email enumeration. When a user is not found,...

3.7CVSS5.4AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35676

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

8.8CVSS5.5AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder