Lucene search
+L

166 matches found

nvd
nvd
added 2026/03/16 3:16 p.m.4 views

CVE-2026-21386

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS0.00184EPSS
Exploits0References1
osv
osv
added 2026/03/16 2:51 p.m.3 views

CVE-2026-21386 Private channel enumeration via /mute slash command

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS6.3AI score0.00184EPSS
Exploits0References3
euvd
euvd
added 2026/03/11 7:23 p.m.5 views

EUVD-2026-11298

Shopware has user enumeration via distinct error codes on Store API login endpoint...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/11 12:0 a.m.11 views

PT-2026-24802

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.34 and 9.6.0-alpha.8, the email verification endpoint /verificationEmailRequest returns distinct error responses depending on whether an email address belongs to an existing user, ...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References7
osv
osv
added 2026/03/10 6:28 p.m.4 views

GO-2026-4568 Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio

Curio exposes database credentials to users with network access through verbose HTTP error responses in github.com/filecoin-project/curio...

5.8AI score
Exploits0References4
attackerkb
attackerkb
added 2026/03/06 8:28 p.m.4 views

CVE-2026-30835

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

6.9CVSS5.8AI score0.00336EPSS
Exploits0References4Affected Software1
github
github
added 2026/02/26 10:48 p.m.11 views

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

5.9AI score
Exploits0References5Affected Software1
osv
osv
added 2026/02/12 11:16 p.m.5 views

UBUNTU-CVE-2019-25338

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...

6.9CVSS5.8AI score0.00407EPSS
Exploits1References6
euvd
euvd
added 2025/12/10 9:31 p.m.4 views

EUVD-2020-30841

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS6.3AI score0.00349EPSS
Exploits1References5
nvd
nvd
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36888

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...

6.9CVSS0.00349EPSS
Exploits1References4
osv
osv
added 2025/11/06 12:59 p.m.8 views

BIT-DISCOURSE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.7AI score0.00274EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/10/29 9:12 p.m.16 views

CVE-2025-61598

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.8AI score0.00274EPSS
Exploits0References1
openvas
openvas
added 2025/10/29 12:0 a.m.7 views

Discourse Cache Poisoning Vulnerability (GHSA-jp9x-wwv6-cv3j)

Discourse is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

6.3CVSS6.7AI score0.00274EPSS
Exploits0References3
nvd
nvd
added 2025/10/28 9:15 p.m.6 views

CVE-2025-61598

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS0.00274EPSS
Exploits0References3
euvd
euvd
added 2025/10/28 8:38 p.m.6 views

EUVD-2025-36558

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.2AI score0.00274EPSS
Exploits0References3
cve
cve
added 2025/10/28 8:38 p.m.24 views

CVE-2025-61598

Product/Component: Discourse (open source discussion platform). Vulnerability summary: Versions before 3.6.2 and 3.6.0.beta2 expose a missing Cache-Control header (no-store, no-cache) in error responses, which can enable proxy caching of error pages and potentially lead to cache poisoning. Impact...

6.3CVSS6.4AI score0.00274EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2025/10/28 8:38 p.m.5 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.4AI score0.00274EPSS
Exploits0References3
cvelist
cvelist
added 2025/10/28 8:38 p.m.10 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS0.00274EPSS
Exploits0References3
osv
osv
added 2025/10/28 8:38 p.m.8 views

CVE-2025-61598 Discourse is missing Cache-Control response header on error responses

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

6.3CVSS6.8AI score0.00274EPSS
Exploits0References5
redhat
redhat
added 2025/10/27 4:55 p.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.62871EPSS
Exploits1References6
Rows per page
Query Builder