15 matches found
NocoDB: User Enumeration via Sign-In Timing
Summary: Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details: The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...
Astra Linux - vulnerability in Chromium
Use after free in Sign-In in Google Chrome before version 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through profile destruction. Chromium security severity: Medium...
CVE-2026-44392
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed...
CVE-2026-39322
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...
EUVD-2026-19853
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /api routes, enabling account data access and...
CVE-2026-25222
PolarLearn (0-PRERELEASE-15 and earlier) contains a timing-attack vulnerability in the sign-in endpoint that allows unauthenticated attackers to enumerate registered email addresses by measuring response times. The server performs Argon2 hashing only if the user exists; existing users respond ~65...
CVE-2025-27416
CVE-2025-27416 affects the Scratch-Coding-Hut.github.io sign-in page. The vulnerability described states that the sign-in form allows a user to sign into another user’s account, implying an account-authentication/authorization issue on the website. As published, there is no available fix and a fi...
CVE-2025-27416 Asking For Scratch Username And Password
Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their account. As of time of publication, a fix is not...
A vulnerability in the Sign-In component of Google Chrome allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the Sign-In component of Google Chrome relates to the ability to circumvent navigation restrictions. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks using a specially crafted HTML page...
A vulnerability in the Sign-In component of the Microsoft Edge and Google Chrome browsers allows an attacker to cause a denial of service.
The vulnerability in the Sign-In component of the Microsoft Edge and Google Chrome browsers is a use after free. Exploiting this vulnerability can allow an attacker to remotely cause a denial of service...
UBUNTU-CVE-2022-0099
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture...
Google Chrome resource management error vulnerability
Chrome is a simple and efficient web browsing tool developed by Google. A use-after-free vulnerability exists in Sign-In in Google Chrome versions prior to 95.0.4638.69. An attacker could potentially exploit this vulnerability to cause heap corruption via a crafted HTML page...
A vulnerability in the Sign-In component of the Google Chrome and Microsoft Edge browsers allows an attacker to execute arbitrary code.
The vulnerability in the Sign-In component of the Google Chrome and Microsoft Edge browsers is a use after free. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code through a specially crafted web page...
Google Chrome resource management error vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Sign-In. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
CVE-2018-9102
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...