Lucene search
K

236 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 8:25 p.m.4 views

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/27 8:25 p.m.6 views

EUVD-2026-9068

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

dify 安全漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...

6.9CVSS5.8AI score0.00635EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22397

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.9.0 Description The Dify API exhibits differing responses when queried for existing and non-existent accounts, potentially enabling an attacker to enumerate email addresses registered with the Dify platform. This issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/05 1:22 a.m.5 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.4AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 10:16 p.m.12 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 9:16 p.m.4 views

CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.4AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 9:16 p.m.21 views

CVE-2026-25509

CI4MS is a CodeIgniter 4–based CMS skeleton. A vulnerability in the authentication flow allows unauthenticated attackers to enumerate registered emails via password-reset responses, by differentiating between existing vs non-existing emails. The issue is documented across multiple feeds (NVD, Red...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 9:16 p.m.4 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/03 9:16 p.m.8 views

EUVD-2026-5163

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 9:16 p.m.29 views

CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 9:16 p.m.6 views

CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

CI4MS 安全漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained security vulnerabilities. These vulnerabilities stemmed from email enumeration issues in the authentication implementation. Unverified attackers could determine whether email...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2026/02/02 11:16 p.m.9 views

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

7.5CVSS0.00413EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/02 11:1 p.m.29 views

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS0.00413EPSS
Exploits1References2
CVE
CVE
added 2026/02/02 11:1 p.m.14 views

CVE-2026-25222

CVE-2026-25222 describes a timing-attack in PolarLearn’s sign-in flow for versions prior to 0-PRERELEASE-15. An unauthenticated attacker can infer whether an email is registered by measuring login response times: requests for existing users take ~650ms, while non-existent users are ~160ms, becaus...

7.5CVSS5.5AI score0.00413EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/02 9:52 p.m.3 views

GHSA-654X-9Q7R-G966 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...

5.3CVSS5.6AI score0.00349EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/02 9:52 p.m.7 views

CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.12 views

PolarLearn 信息泄露漏洞

PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-15 contained a vulnerability related to information leakage. This vulnerability stemmed from a time-based attack during the login process, which could lead to the enumeration of registered...

7.5CVSS5.8AI score0.00413EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-6376

Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...

5.3CVSS5.6AI score0.00349EPSS
Exploits0References5
Rows per page
Query Builder