Lucene search
K

1627 matches found

Nuclei
Nuclei
added yesterday50 views

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...

5.3CVSS6.2AI score0.0747EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday30 views

Usermin 2.100 - Username Enumeration

Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint. id: CVE-2024-44762 info: name: Usermin 2.100 - Username Enumeration author:...

5.3CVSS6.2AI score0.02621EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday23 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS6.1AI score0.00713EPSS
Exploits1
Nuclei
Nuclei
added yesterday26 views

Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration

Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration CVE-2022-28987. The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames. id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfServi...

5.3CVSS6.2AI score0.09705EPSS
Exploits1References2
NVD
NVD
added 5 days ago4 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS0.0036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS6AI score0.0036EPSS
Exploits0References3
NVD
NVD
added 6 days ago5 views

CVE-2026-44332

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago42 views

CVE-2026-44332 Fiber: Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS0.00516EPSS
Exploits0References4
CVE
CVE
added 6 days ago22 views

CVE-2026-44332

Fiber’s Go-based web framework vulnerability CVE-2026-44332 affects the BasicAuth middleware’s default Authorizer prior to v3.3.0. The issue arises from short-circuit evaluation in the Authorizer: for non-existent usernames, the password hash check is skipped, enabling remote username enumeration...

5.3CVSS6AI score0.00516EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/02 1:46 p.m.9 views

GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...

8.3CVSS7.2AI score0.00696EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 1:46 p.m.4 views

GHSA-G5VH-55HW-RXM8 GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...

5.3CVSS5.9AI score0.00516EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55274

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Description The default Authorizer function in the BasicAuth middleware, located in middleware/basicauth/config.go, uses short-circuit evaluation when validating credentials. If a username does not exist, the syst...

5.3CVSS6AI score0.00516EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 6:18 p.m.4 views

GHSA-R4V7-6WCG-GHJ5 FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks

Summary The /api/auth/login endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerability...

6.5CVSS5.9AI score
Exploits0References4
Rockylinux
Rockylinux
added 2026/06/24 12:5 p.m.14 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:27842 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:3 p.m.9 views

memcached security update

An update is available for memcached. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

8.1CVSS5.9AI score0.01312EPSS
Exploits0
OSV
OSV
added 2026/06/24 12:3 p.m.5 views

RLSA-2026:27862 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

RockyLinux 10 : memcached (RLSA-2026:27842)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

RockyLinux 9 : memcached (RLSA-2026:27862)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

AlmaLinux 9 : memcached (ALSA-2026:27862)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLinu...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References3
Rows per page
Query Builder