Lucene search
+L

237 matches found

Github Security Blog
Github Security Blog
added 2026/01/01 6:30 a.m.8 views

Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS7AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS7AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS7AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS7AI score0.00356EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/01 4:55 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...

6.9CVSS6.6AI score0.00356EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/01/01 4:39 a.m.4 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References4
CVE
CVE
added 2026/01/01 4:39 a.m.24 views

CVE-2025-69413

Summary: Gitea before 1.25.2 exposes a behavioral difference in the /api/v1/user endpoint for failed authentication based on whether the username exists, as described for CVE-2025-69413. Affected software/component: Gitea prior to version 1.25.2; endpoint: /api/v1/user. Root cause / behavior: The...

5.3CVSS6.8AI score0.00356EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-1000

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...

5.3CVSS6.7AI score0.00356EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/01 12:0 a.m.9 views

Gitea 安全漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.25.2, which stems from the /api/v1/user interface's response to failed authentication varies depending on whether the username exists or not, potentially...

5.3CVSS6.6AI score0.00356EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/10 9:31 p.m.6 views

EUVD-2020-30831

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new...

8.6CVSS6.3AI score0.00265EPSS
Exploits1References5
NVD
NVD
added 2025/12/10 9:16 p.m.8 views

CVE-2020-36902

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ftgrp' parameter. Attackers can send a GET request to /html/user with 'ftgrp' set to integer value '3' to gain super admin rights without...

9.8CVSS0.0103EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.5 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201723

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.3AI score0.00223EPSS
Exploits1References5
Rows per page
Query Builder