237 matches found
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
CVE-2025-69413
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
CVE-2025-69413
Summary: Gitea before 1.25.2 exposes a behavioral difference in the /api/v1/user endpoint for failed authentication based on whether the username exists, as described for CVE-2025-69413. Affected software/component: Gitea prior to version 1.25.2; endpoint: /api/v1/user. Root cause / behavior: The...
PT-2026-1000
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.25.2, which stems from the /api/v1/user interface's response to failed authentication varies depending on whether the username exists or not, potentially...
EUVD-2020-30831
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...
CVE-2020-36902
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ftgrp' parameter. Attackers can send a GET request to /html/user with 'ftgrp' set to integer value '3' to gain super admin rights without...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
memos vulnerability allows the creation of arbitrary accounts
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
EUVD-2025-201723
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...