Lucene search
K

3113 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
Nuclei
Nuclei
added 15 hours ago96 views

TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

5.3CVSS6.2AI score0.18066EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago48 views

Jira - Incorrect Authorization

Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. id: CVE-2019-3403...

5.3CVSS6.5AI score0.52637EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago74 views

Thinfinity VirtualUI User Enumeration

Thinfinity VirtualUI before v3.0, /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users Administrator, Guest, etc. id: CVE-2021-44848 info: name: Thinfinity VirtualUI User Enumeration author: danielmofer severity: medium...

5.3CVSS6.2AI score0.23141EPSS
Exploits4References5
Nuclei
Nuclei
added 15 hours ago34 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS6.1AI score0.0203EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago13 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS6.1AI score0.00648EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago24 views

NocoDB - User Enumeration

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. id: CVE-2026-28358 info: name: NocoDB -...

6.9CVSS6AI score0.00601EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago14 views

Piwigo - User Enumeration via Password Reset

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS6.1AI score0.00766EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago27 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS7AI score0.00847EPSS
Exploits3References3
Nuclei
Nuclei
added 15 hours ago42 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS6.3AI score0.20196EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago44 views

iTop - User Enumeration via REST Endpoint

From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is doresetpwd, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided. id: CVE-2024-51739 info: name: iTop - User...

7.5CVSS7AI score0.01259EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago69 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS6.1AI score0.00635EPSS
Exploits1References2
NVD
NVD
added 2 days ago6 views

CVE-2026-12103

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43159

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-12103 Wallet for WooCommerce <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration via terawallet_export_user_search AJAX Action

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
CVE
CVE
added 2 days ago10 views

CVE-2026-12103

CVE-2026-12103 affects the Wallet for WooCommerce WordPress plugin (

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
NVD
NVD
added 3 days ago6 views

CVE-2026-58503

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS0.00354EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57334

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS0.00297EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-59206

n8n is affected by a prototype pollution vulnerability in which an authenticated user with the default workflow:create permission could pollute Object.prototype via a crafted workflow saved, updated, or imported through the workflow API. This corruption could cause unauthenticated requests to be ...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder