Lucene search
+L

7 matches found

nvd
nvd
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47380

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS0.00197EPSS
Exploits0References1
cve
cve
added 2026/06/23 8:33 p.m.21 views

CVE-2026-47380

CVE-2026-47380 affects NocoDB. The vulnerability stems from an unknown-user sign-in path in auth.service.ts where the unknown-user branch returned without a password hash check, causing timing differences between known and unknown emails. This could enable network-positioned attackers to enumerat...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References1
osv
osv
added 2026/06/23 8:33 p.m.3 views

CVE-2026-47380 NocoDB: User Enumeration via Sign-In Timing

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS5.9AI score0.00197EPSS
Exploits0References3
osv
osv
added 2026/06/05 4:3 p.m.11 views

GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.18 views

PT-2026-46998

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A timing difference exists in the sign-in response when using known versus unknown email addresses. This occurs because the unknown-user branch in the auth.service.ts file returns a response witho...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/02/04 3:15 a.m.7 views

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

7.5CVSS5.5AI score0.00413EPSS
Exploits1References1
cvelist
cvelist
added 2026/02/02 11:1 p.m.30 views

CVE-2026-25222 PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

6.3CVSS0.00413EPSS
Exploits1References2
Rows per page
Query Builder