236 matches found
CVE-2026-28288
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
EUVD-2026-9068
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
dify 安全漏洞
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...
PT-2026-22397
Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.9.0 Description The Dify API exhibits differing responses when queried for existing and non-existent accounts, potentially enabling an attacker to enumerate email addresses registered with the Dify platform. This issue...
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509
CI4MS is a CodeIgniter 4–based CMS skeleton. A vulnerability in the authentication flow allows unauthenticated attackers to enumerate registered emails via password-reset responses, by differentiating between existing vs non-existing emails. The issue is documented across multiple feeds (NVD, Red...
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
EUVD-2026-5163
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
CI4MS 安全漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained security vulnerabilities. These vulnerabilities stemmed from email enumeration issues in the authentication implementation. Unverified attackers could determine whether email...
CVE-2026-25222
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
CVE-2026-25222
CVE-2026-25222 describes a timing-attack in PolarLearn’s sign-in flow for versions prior to 0-PRERELEASE-15. An unauthenticated attacker can infer whether an email is registered by measuring login response times: requests for existing users take ~650ms, while non-existent users are ~160ms, becaus...
GHSA-654X-9Q7R-G966 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...
PolarLearn 信息泄露漏洞
PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-15 contained a vulnerability related to information leakage. This vulnerability stemmed from a time-based attack during the login process, which could lead to the enumeration of registered...
PT-2026-6376
Summary The authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. Vulnerability Details - The password res...