Lucene search
+L

2102 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-9202

CVE-2026-9202 affects IBM Langflow OSS versions 1.0.0–1.10.0. Unauthenticated attackers can create unlimited user accounts; if NEW_USER_IS_ACTIVE is true, new accounts are immediately active and can authenticate to reach RCE endpoints, bypassing AUTO_LOGIN. IBM CVSS v3.1 base score 9.8 (CRITICAL)...

9.8CVSS5.3AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2024-55667

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2024-23574

The CVE-2024-23574 entry concerns HCL Aftermarket EPC. The vulnerability is described as allowing brute-force attempts to guess or confirm valid users, indicating a credential-guessing issue with user authentication. The associated CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) yields a ba...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-44753

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS0.0022EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 10:17 p.m.8 views

CVE-2026-48492

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 9:11 p.m.4 views

CVE-2026-48492 Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:45 a.m.6 views

PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN

Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...

4.3CVSS6AI score0.00908EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:15 p.m.6 views

CVE-2026-12164

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS5.9AI score0.00101EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:16 p.m.9 views

CVE-2026-13007

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...

8.7CVSS0.00432EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:59 p.m.25 views

CVE-2026-13007

Tenable Identity Exposure exposes multiple unauthenticated API endpoints under /w/api/* that return sensitive configuration data (cleartext LDAP credentials, SAML config, user accounts, directory settings). Responses are served with Cache-Control: public and without Vary: Cookie, enabling reverse...

8.7CVSS5.9AI score0.00432EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:59 p.m.46 views

CVE-2026-13007 Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...

8.7CVSS0.00432EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51549

Name of the Vulnerable Software and Affected Versions Tenable Identity Exposure affected versions not specified Description Multiple unauthenticated API endpoints under '/w/api/' expose sensitive application configuration data to remote attackers. The leaked information includes cleartext LDAP...

8.7CVSS7.2AI score0.00432EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 1:16 p.m.12 views

CVE-2026-56142

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...

9.9CVSS0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

QNAP file station 缓冲区错误漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory after obtaining...

8.7CVSS6.2AI score0.00292EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

QNAP file station 资源管理错误漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a security vulnerability in QNAP Systems File Station 6, which stems from unlimited resource allocation or throttling. This vulnerability could allow remote attackers to...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

QNAP Systems File Station 6 安全漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 6 has a security vulnerability that stems from improper authorization. This vulnerability could allow remote attackers to bypass intended access...

8.6CVSS5.4AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-12624

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

6CVSS5.5AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-43881

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...

5.3CVSS5.4AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.15 views

CVE-2026-3595

The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/deletecustomer without a permissioncallback, causing...

5.3CVSS5.5AI score0.00441EPSS
Exploits0References1
Rows per page
Query Builder