Lucene search
+L

10289 matches found

packetstormnews
packetstormnews
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
nvd
nvd
added yesterday4 views

CVE-2026-20150

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS
Exploits0References1
nvd
nvd
added yesterday4 views

CVE-2026-20187

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-20187 Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44719

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday17 views

CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
cve
cve
added yesterday13 views

CVE-2026-20157

Technical details are not publicly available in provided documents. The CVE entry mentions missing encryption under CWE-311 and a Cisco RoomOS hardening release, but specific affected products, versions, root cause, impact, or fixes are not disclosed here. Monitor for updates.

7.5CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday24 views

CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...

6.9CVSS0.00046EPSS
Exploits0References4
nvd
nvd
added yesterday5 views

CVE-2026-56339

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS
Exploits0References2
euvd
euvd
added yesterday6 views

EUVD-2026-44623

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS6.1AI score
Exploits0References2
nuclei
nuclei
added yesterday97 views

TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

5.3CVSS6.2AI score0.18066EPSS
Exploits1References5
nuclei
nuclei
added yesterday16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
nuclei
nuclei
added yesterday31 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.2AI score0.02621EPSS
Exploits5References4
nuclei
nuclei
added yesterday27 views

Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...

5.3CVSS6.2AI score0.0991EPSS
Exploits1References2
nuclei
nuclei
added yesterday75 views

Thinfinity VirtualUI User Enumeration

Thinfinity VirtualUI before v3.0, /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users Administrator, Guest, etc. id: CVE-2021-44848 info: name: Thinfinity VirtualUI User Enumeration author: danielmofer severity: medium...

5.3CVSS6.2AI score0.23141EPSS
Exploits4References5
nuclei
nuclei
added yesterday33 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

5.3CVSS6.1AI score0.00908EPSS
Exploits1References3
nuclei
nuclei
added yesterday16 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS6.2AI score0.00583EPSS
Exploits0References1
nuclei
nuclei
added yesterday30 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS7AI score0.00847EPSS
Exploits3References3
nuclei
nuclei
added yesterday14 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS6.1AI score0.00648EPSS
Exploits1References2
nuclei
nuclei
added yesterday34 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS6.1AI score0.0203EPSS
Exploits1References4
Rows per page
Query Builder