Lucene search
K

7 matches found

CVE
CVE
added 2026/06/12 8:23 p.m.22 views

CVE-2026-44782

Discourse (open-source) is affected. In versions 2026.1.0-latest–2026.1.3.x, 2026.3.0-latest–2026.3.0.x, and 2026.4.0-latest–2026.4.0.x, GroupPostSerializer used include_user_long_name? as the predicate for the :name attribute. AMS checks for include_name?, but the misnamed predicate was never in...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2026-22602

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. Since user IDs are assigned sequentially and predictably e.g., 1 to 1000, an attacker can extract a complete list of all users’ fu...

3.5CVSS6.8AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 1:6 a.m.5 views

CVE-2026-22602 OpenProject is Vulnerable to User Enumeration via User ID

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. Since user IDs are assigned sequentially and predictably e.g., 1 to 1000, an attacker can extract a complete list of all users’ fu...

3.5CVSS6.7AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/10 1:6 a.m.4 views

EUVD-2026-1885

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. Since user IDs are assigned sequentially and predictably e.g., 1 to 1000, an attacker can extract a complete list of all users’ fu...

3.5CVSS6.4AI score0.00255EPSS
Exploits0References4
NVD
NVD
added 2025/12/30 4:15 p.m.4 views

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...

6.3CVSS0.00242EPSS
Exploits0References4
OSV
OSV
added 2023/04/16 3:15 a.m.5 views

CVE-2022-30076

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...

5.3CVSS5.8AI score0.03543EPSS
Exploits4References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.1 views

SUSE CVE-2010-1617

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...

4CVSS6.8AI score0.01525EPSS
Exploits0References4
Rows per page
Query Builder