48 matches found
EUVD-2024-16187
The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...
CVE-2024-0391
The CVE-2024-0391 issue affects WSO2 products with the email OTP flow, where the check user account lock states validation fails, enabling attacker enumeration of registered usernames. This disclosure indicates that valid usernames can be inferred, which could facilitate targeted brute-force or s...
PT-2026-39580
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The check user account lock states feature within the email OTP flow fails to validate user input. This allows an attacker to infer whether specific user account...
RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory. - commons-fileupload: Arbitrary file upload via deserialization CVE-2013-2186 - stapler-adjunct-zeroclipboard: multiple cross-site...
ZKTeco ZKBioSecurity security vulnerability
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains security vulnerabilities. These vulnerabilities stem from user enumeration, and could allow unverified attackers to discover valid usernames by submitting...
CVE-2005-1650
The web mail service in Woppoware PostMaster 4.2.2 build 3.2.5 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...
BIT-DISCOURSE-2025-64528 Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
PT-2025-48802
Name of the Vulnerable Software and Affected Versions: Nagvis Checkmk MultisiteAuth versions prior to 1.9.48. Description: An unauthenticated attacker can enumerate Checkmk usernames. This issue affects the user enumeration functionality within the software. Recommendations: Update to version 1.9.48 ...
EUVD-2010-0247
Malware in sbrugna...
EUVD-2021-25561
Malware in sbrugna...
EUVD-2009-2664
Malware in sbrugna...
EUVD-2013-4311
Malware in sbrugna...
EUVD-2022-52826
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-3023
software: kanboard 1.2.47; WASP: ROSA-CHROME; unaffected versions = kanboard-1.2.47-0.gitb57deb.4; affected versions kanboard-1.2.47-0.gitb57deb.4; CVE-ID: CVE-2025-52576; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in Kanboard before version 1.2.46 allows existing usernames to be...
CVE-2023-34243
TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...
CVE-2009-2212
The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors...
Information Exposure
Overview: Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. It includes detailed security, auto CRUD generation for your models, Google charts and much more. Affected versions of this package are vulnerable to Information Exposure due to observable...
Amazon AWS Identity and Access Management security vulnerability
Amazon AWS Identity and Access Management (Amazon AWS IAM) is a web service from Amazon.com, Inc. that is used to securely control access to AWS services. A security vulnerability exists in Amazon AWS Identity and Access Management, which stems from variable response times in the user login process...
IBM TXSeries for Multiplatforms security vulnerability
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...
Unspecified vulnerability in vantage6 (CNVD-2024-07864)
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability previously existed in vantage6 version 4.2.0 that stemmed from the ability to find out a username from the response time of a login request...