Lucene search
+L

175 matches found

cve
cve
added 3 days ago12 views

CVE-2026-9824

Mattermost v11.7.x ≤ 11.7.2, v11.6.x ≤ 11.6.4, and v10.11.x ≤ 10.11.19 are affected by CVE-2026-9824 due to a missing check of the manage_shared_channels permission in the /share-channel autocomplete handler. This allows an authenticated user without that permission to enumerate remote cluster co...

4.3CVSS6.1AI score0.00162EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/05/28 8:12 p.m.12 views

CVE-2026-46366

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 10:28 a.m.44 views

CVE-2026-37981 Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...

4.3CVSS0.0037EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.7 views

PT-2026-34749

Name of the Vulnerable Software and Affected Versions SpiceJet booking API affected versions not specified Description A flaw in the booking API allows unauthenticated users to query passenger name records PNRs due to a lack of access controls. Since PNR identifiers follow a predictable pattern, ...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References3
euvd
euvd
added 2026/04/16 6:31 a.m.6 views

EUVD-2023-58146

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References3
osv
osv
added 2026/03/26 4:23 p.m.4 views

CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

4.3CVSS6AI score0.00231EPSS
Exploits0References3
gitlab
gitlab
added 2026/03/25 12:0 a.m.10 views

Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion

TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads a different attachment that may belong to a task in another project. This allows any...

8.1CVSS5.8AI score0.00265EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2026/03/16 7:18 p.m.5 views

EUVD-2026-12498

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

6.3CVSS5.7AI score0.00205EPSS
Exploits0References2
nvd
nvd
added 2026/03/03 1:16 p.m.6 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS0.00141EPSS
Exploits1References3
nvd
nvd
added 2026/02/19 6:24 p.m.6 views

CVE-2026-23620

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON...

5.3CVSS0.00183EPSS
Exploits0References2
cve
cve
added 2026/02/19 12:0 a.m.14 views

CVE-2026-26744

FormaLMS is affected version 4.1.18 and earlier. A user enumeration flaw exists in the password recovery endpoint (/lostpwd) where responses differ between valid and invalid usernames, allowing unauthenticated attackers to determine registered usernames. Impact is limited to information disclosur...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/01/09 12:41 p.m.8 views

CVE-2023-25192

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00...

5.3CVSS7AI score0.00502EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:36 p.m.10 views

CVE-2023-49274

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this...

5.3CVSS6.9AI score0.0046EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:31 p.m.11 views

CVE-2023-40765

User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8CVSS7AI score0.00746EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:30 p.m.11 views

CVE-2023-40761

User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8CVSS7AI score0.00746EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 12:29 p.m.12 views

CVE-2023-40757

User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8CVSS7AI score0.00746EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:48 a.m.10 views

CVE-2020-24008

Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

5.3CVSS7AI score0.00911EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:13 a.m.12 views

CVE-2022-31088

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed ...

6.5CVSS6.4AI score0.0121EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-25561

Malware in sbrugna...

5.3CVSS5.4AI score0.01401EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-1938

Malware in sbrugna...

5.3CVSS5.5AI score0.01301EPSS
Exploits0References4
Rows per page
Query Builder