Lucene search
K

141 matches found

Snyk
Snyk
added 2025/05/28 5:43 p.m.1 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack due to differences in response times for existing and non-existing users in the password reset functionality. An attacker can determine the existence of usernames by observing the time it takes for the server to respond...

6.9CVSS7AI score0.00267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.8 views

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

5.3CVSS6.8AI score0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.11 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS5.3AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:46 a.m.6 views

CVE-2023-31286

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS6.8AI score0.01011EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.5 views

CVE-2023-5254

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcldwbchatbotcheckuser function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

5.3CVSS5.8AI score0.00767EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:43 a.m.6 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

5.3CVSS6.8AI score0.01098EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/06 4:38 p.m.1 views

Observable Response Discrepancy

Overview Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation Upgrade Umbraco.Cms.Web.BackOffice to versi...

6.9CVSS6.8AI score0.00306EPSS
Exploits0References2
CVE
CVE
added 2025/03/21 12:0 a.m.68 views

CVE-2025-30344

OpenSlides before 4.2.5 is affected by a timing-side channel vulnerability in /system/auth/login/. The response time differs depending on whether a user exists because password hashing is omitted in login handling, enabling potential information disclosure. The documented impact is a low-to-mediu...

5.3CVSS7.1AI score0.00297EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/11 1:15 a.m.10 views

CVE-2025-23193

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.8 views

PT-2025-6126 · Sap · Sap Netweaver Abap Server

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Server ABAP versions prior to the fixed version Description: The issue allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user,...

5.3CVSS6.9AI score0.00323EPSS
Exploits0References8
Snyk
Snyk
added 2025/01/01 6:30 a.m.2 views

Timing Attack

Overview django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party social account authentication. Affected versions of this package are vulnerable to Timing Attack in the AuthenticationBackend.authenticatebyemail...

6.9CVSS7AI score
Exploits0References3
CVE
CVE
added 2024/10/24 9:25 p.m.88 views

CVE-2024-49358

ZimaOS (fork of CasaOS) prior to and including 1.2.4 is affected by CVE-2024-49358 due to an API behavior at /v1/users/login that reveals whether a username exists, enabling username enumeration. This is a network-facing issue with CVSS 5.3 (MEDIUM); no patched versions are publicly available per...

5.3CVSS5.2AI score0.00463EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/19 5:15 p.m.6 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

5.3CVSS5.8AI score0.00427EPSS
Exploits0References1
NVD
NVD
added 2024/09/19 5:15 p.m.28 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS0.00427EPSS
Exploits0References1
CVE
CVE
added 2024/09/19 4:30 p.m.46 views

CVE-2024-8651

CVE-2024-8651 — NetCat CMS: user enumeration involves a vulnerability where an attacker can send a specially crafted HTTP request to check whether a user exists in the system. Affected are NetCat CMS versions around 6.4.0.24126.2 up to 6.4.0.24247, with a patch available starting from 6.4.0.24248...

6.9CVSS5.3AI score0.00427EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.12 views

PT-2024-39150 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request to check whether a user exists in the system. This issue could be a basis for further...

6.9CVSS6.6AI score0.00427EPSS
Exploits0References8
NVD
NVD
added 2024/07/01 5:15 p.m.26 views

CVE-2024-36996

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt t...

5.3CVSS0.00354EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 5:15 p.m.4 views

CVE-2024-36996

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt t...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2024/07/01 4:30 p.m.88 views

CVE-2024-36996

CVE-2024-36996 affects Splunk Enterprise and Splunk Cloud Platform where SAML is enabled. Affected: Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10; Splunk Cloud Platform below 9.1.2312.109. An attacker could learn whether another user exists by deciphering the login error response, ena...

5.3CVSS5.3AI score0.00354EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.6 views

PT-2024-20486 · Cdex · Cdex

Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

8CVSS6.8AI score0.00598EPSS
Exploits0References5
Rows per page
Query Builder