125 matches found
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138
CVE-2026-25138 concerns Rucio’s WebUI where, prior to versions 35.8.3, 38.5.4, and 39.3.1, the login endpoint leaks distinct error messages indicating whether a username exists, enabling unauthenticated enumeration. The issue is mitigated by upgrading to 35.8.3, 38.5.4, or 39.3.1, which include t...
EUVD-2026-8712
Rucio WebUI has Username Enumeration via Login Error Message...
GHSA-38WQ-6Q2W-HCF9 Rucio WebUI has Username Enumeration via Login Error Message
Summary: The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details: When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...
Rucio security vulnerability
Rucio is an open-source scientific data management tool developed by the Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from different error messages returned by the WebUI login endpoint, which could allow unverified...
CVE-2026-24127
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) vulnerability exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...
CVE-2026-24127 Typemill has Reflected XSS via login error view template
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) vulnerability exists in the login error view template login.twig of versions 2.19.1 and below. The username value can be echoed back without proper contextual encoding when...
CVE-2026-24127
CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...
PT-2026-4535
Name of the Vulnerable Software and Affected Versions: Typemill versions 2.19.1 and below. Description: Typemill is a flat-file, Markdown-based CMS for informational documentation websites. A reflected Cross-Site Scripting (XSS) issue exists in the login error view template login.twig. The username...
CVE-2020-36875
AccessAlly WordPress plugin
PT-2026-1686
Name of the Vulnerable Software and Affected Versions: AccessAlly versions prior to 3.3.2. Description: The AccessAlly WordPress plugin contains a flaw where the login error parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the...
WordPress plugin AccessAlly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...
EUVD-2025-201846
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...
CVE-2025-42896
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...