CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

EUVD-2022-43589

Malicious code in bioql PyPI...

CVE-2024-29843 Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILEGETUSERSLIST, allowing for an unauthenticated attacker to enumerate all users and their access levels...

CVE-2022-38755

Vulnerability summary (CVE-2022-38755) : Micro Focus Filr versions prior to 4.3.1.1 are affected by a remote, unauthenticated user-enumeration flaw. Attackers can enumerate valid user accounts without authentication. The issue is confirmed across multiple sources (NVD/Red Hat/ CVE listings). Impa...

CVE-2022-40292

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...

CVE-2022-40292 Unauthenticated username enumeration in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...

Atlassian Jira Unauthenticated User Enumeration (CVE-2020-36289)

Binary data jiraCVE-2020-36289userenum.nbin...