Lucene search

24 matches found

NVD
added 2 days ago · 9 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

CVSS 8.7
Exploits 0 · References 2

NVD
added 2026/05/29 2:16 p.m. · 8 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. This enables unauthenticated user enumeration...

CVSS 5.3 · EPSS 0.00193
Exploits 0 · References 1

CVE
added 2026/05/29 1:7 p.m. · 20 views

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

CVSS 5.3 · AI score 5.8 · EPSS 0.0027
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/05/29 1:7 p.m. · 13 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. This enables unauthenticated user enumeration...

CVSS 5.3 · AI score 5.8 · EPSS 0.0027
Exploits 0 · References 1

OSV
added 2026/05/05 10:2 p.m. · 3 views

GHSA-6RVW-7P8V-MJFQ AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Summary objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller including unauthenticated visitors, which defeats the admin-only guard...

CVSS 5.3 · AI score 5.8 · EPSS 0.0027
Exploits 0 · References 4

VulnCheck KEV
added 2026/04/01 12:0 a.m. · 26 views

VulnCheck KEV: CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

CVSS 5.3 · AI score 5.8 · EPSS 0.00831
In wild · Exploits 1 · References 2

Positive Technologies
added 2025/12/09 12:0 a.m. · 3 views

PT-2025-49834

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

CVSS 6.9 · AI score 6.9 · EPSS 0.00378
Exploits 0 · References 1

Tenable Nessus
added 2025/12/04 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-39665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames. CVE-2025-39665 Note...

CVSS 6.9 · AI score 5.8 · EPSS 0.00219
Exploits 0 · References 3

RedhatCVE
added 2025/11/07 1:46 p.m. · 2 views

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

CVSS 5.3 · AI score 7 · EPSS 0.00831
Exploits 1 · References 1

EUVD
added 2025/11/05 12:0 a.m. · 4 views

EUVD-2025-37881

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

CVSS 5.3 · AI score 6.4 · EPSS 0.00831
Exploits 1 · References 5

CNNVD
added 2025/11/05 12:0 a.m. · 9 views

guests security vulnerability

guests is a file sharing program open-sourced by ownCloud. A security vulnerability exists in guests prior to version 0.12.5, which stems from insufficient token validation in showPasswordForm and could lead to unauthenticated user enumeration...

CVSS 5.3 · AI score 6.7 · EPSS 0.00831
Exploits 1 · References 4

Tenable Nessus
added 2025/09/03 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-41323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

CVSS 5.3 · AI score 5.6 · EPSS 0.34112
Exploits 0 · References 2

RedhatCVE
added 2025/07/12 7:24 p.m. · 8 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4 · AI score 7.3 · EPSS 0.00166
Exploits 0 · References 1

NVD
added 2025/04/08 6:15 a.m. · 7 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 5.3 · EPSS 0.00259
Exploits 0 · References 1

Positive Technologies
added 2023/12/21 12:0 a.m. · 8 views

PT-2023-21066 · Netapp · Ontap Mediator

Name of the Vulnerable Software and Affected Versions: ONTAP Mediator versions prior to 1.7 Description: The issue allows an unauthenticated attacker to enumerate URLs via the REST API. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary...

CVSS 5.3 · AI score 5.3 · EPSS 0.00393
Exploits 0 · References 3

OSV
added 2023/09/27 3:19 p.m. · 0 views

UBUNTU-CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

CVSS 5.3 · AI score 5.8 · EPSS 0.34112
Exploits 0 · References 3

OSV
added 2022/11/21 5:15 p.m. · 0 views

CVE-2022-38755

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prio...

CVSS 5.3 · AI score 5.7 · EPSS 0.00636
Exploits 0 · References 1

OSV
added 2022/02/11 11:17 p.m. · 77 views

GHSA-Q9X4-Q76F-5H5J Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)

Impact Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...

CVSS 5.3 · AI score 5.3 · EPSS 0.01891
Exploits 1 · References 3

CNNVD
added 2021/10/27 12:0 a.m. · 2 views

MB CONNECT LINE mbCONNECT24 and MB CONNECT LINE mymbCONNECT24 security vulnerability

Mb Connect Line MB CONNECT LINE mbCONNECT24 and MB CONNECT LINE mymbCONNECT24 are products of MB CONNECT LINE Mb Connect Line, Germany. MB CONNECT LINE mbCONNECT24 is a set of Remote Service Portal. It supports remote access, data logging and alarms. MB CONNECT LINE mymbCONNECT24 is an in-house...

CVSS 7.5 · AI score 7.5 · EPSS 0.00997
Exploits 0 · References 1

Positive Technologies
added 2021/05/12 12:0 a.m. · 2 views

PT-2021-11996 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.13 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.5 Atlassian Jira Server and Data Center versions 8.14.0 through 8.15.1 Description: The issue allows an...

CVSS 5.3 · AI score 7.2 · EPSS 0.99209
Exploits 1 · References 9