Lucene search
+L

27 matches found

CVE
CVE
added yesterday11 views

CVE-2026-16076

AstrBot up to version 4.25.5 is affected by CVE-2026-16076. The vulnerability occurs in OpenApiRoute.chat_send (astrbot/dashboard/routes/open_api.py) where manipulation of the Username argument leads to authentication bypass by spoofing. The issue is exploitable remotely, the exploit is publicly ...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-16076

A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chatsend of the file astrbot/dashboard/routes/openapi.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to...

6.5CVSS6.1AI score0.00291EPSS
Exploits0References5Affected Software1
NVD
NVD
added 5 days ago5 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS0.00239EPSS
Exploits0References7
CVE
CVE
added 5 days ago13 views

CVE-2026-62644

This CVE (CVE-2026-62644) affects Roundcube Webmail prior to 1.6.17 and 1.7.x prior to 1.7.2. The vulnerability lies in the password plugin, where session data usability allowed username spoofing, potentially enabling account takeover. The bases of impact are high for confidentiality and integrit...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References7
OSV
OSV
added 5 days ago3 views

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References9
OSV
OSV
added 2026/03/05 9:59 p.m.8 views

CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization

OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...

6.9CVSS6.6AI score0.0021EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-1407

Malware in sbrugna...

5CVSS6.4AI score0.01604EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-0318

Malware in sbrugna...

5CVSS6.4AI score0.03281EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 12:9 p.m.10 views

CVE-2012-2351

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...

5CVSS6.9AI score0.0207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:38 p.m.10 views

CVE-2005-1404

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the 1 nbuser parameter to post.php or 2 sender parameter to privmsg.php...

5CVSS7.1AI score0.01604EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.4 views

Authd 安全漏洞

Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.3.6 that stems from insufficient randomization of user IDs to prevent conflicts, allowing a local attacker with a registered username to spoo...

7.5CVSS7AI score0.00281EPSS
Exploits1References4
CVE
CVE
added 2022/08/26 3:25 p.m.113 views

CVE-2021-3754

CVE-2021-3754 affects Keycloak (and Red Hat SSO) where improper input validation allows a user to register with a username identical to an existing user’s email. Root cause: usernames are evaluated before emails, enabling email-as-username misuse. Impact documented in advisories includes password...

5.3CVSS5.1AI score0.01843EPSS
Exploits1References2Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/21 11:20 p.m.30 views

Username spoofing in OnionShare

Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...

4.3CVSS0.6AI score0.00708EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/18 7:55 p.m.5 views

CVE-2022-21696 Username spoofing in OnionShare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

4.3CVSS7.1AI score0.00708EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/18 7:55 p.m.26 views

CVE-2022-21696 Username spoofing in OnionShare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

4.3CVSS4.9AI score0.00708EPSS
Exploits0References2
OSV
OSV
added 2017/09/11 4:29 p.m.3 views

DEBIAN-CVE-2017-7650

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access...

6.5CVSS6.9AI score0.02472EPSS
Exploits2References1
OSV
OSV
added 2017/01/27 8:30 p.m.9 views

MGASA-2017-0024 Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

7.8CVSS7.5AI score0.00409EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.39 views

HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...

10CVSS6.5AI score0.03568EPSS
Exploits11
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

Linux-PAM 0.77 Pam_Wheel Module getlogin() Username Spoofing Privileged Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7929/info A vulnerability has been discovered in the Linux-Pam pamwheel module. The problem exists in the way the module authenticates users under certain configurations. Specifically, if the module is configured to allow...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/24 12:0 a.m.69 views

Syhunt: HFS &#40;HTTP File Server&#41; Username Spoofing and Log Forging/Injection Vulnerability

Syhunt: HFS HTTP File Server Username Spoofing and Log Forging/Injection Vulnerability Advisory-ID: 200801163 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 1.5g to and including 2.3Beta Build 174; and possibly HFS version 1.5f Non-Affected Applications: HFS 1.5e and...

6.4CVSS6.6AI score0.01707EPSS
Exploits7
Rows per page
Query Builder