CVE-2025-66225
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset...
EUVD-2024-53442
Malicious code in bioql PyPI...
CVE-2025-46047
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2023-38428
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read...
CVE-2024-56841
A vulnerability has been identified in Mendix LDAP All versions V1.1.2. Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification...
CVE-2024-56841
CVE-2024-56841 affects Mendix LDAP module (all versions
PT-2024-36340 · Kurmi · Kurmi Provisioning Suite
Name of the Vulnerable Software and Affected Versions: Kurmi Provisioning Suite versions prior to 7.9.0.35 Kurmi Provisioning Suite versions 7.10.x through 7.10.0.18 Kurmi Provisioning Suite versions 7.11.x through 7.11.0.15 Description: An issue was discovered in the sendPasswordReinitLink actio...
Symphony Communication ServicesHp Symphony Security Vulnerability
Symphony Communication ServicesHp Symphony is a solution from Symphony Communication ServicesHp, Inc. for connecting and liquefying financial transaction workflows. A security vulnerability exists in Symphony Communication ServicesHp Symphony that stems from the fact that when using a persistent...
D-Link DAP-2622 Security Vulnerability
D-Link DAP-2622 is a wireless access point AP from AUO D-Link that supports POE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a...
CVE-2023-49443
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
Improper Input Validation
org.apache.streampark:streampark is vulnerable to Improper Input Validation. The vulnerability exists because the resetPassword function of UserServiceImpl.java does not properly verify whether the user name is the currently logged in user and whether the user is legal, which allows a malicious...
CVE-2022-46365
Apache StreamPark 1.0.0 before 2.0.0: when a user who has successfully logged in modifies their profile, the username is passed to the server layer as a parameter, but the server does not verify whether that username belongs to the currently logged-in user or whether the user is legal. This will allow malicious attackers to...
June 9, 2020—KB4561605 (OS Build 15063.2409)
June 9, 2020—KB4561605 (OS Build 15063.2409). Current status of Windows 10, version 1703: Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10. Surface Hub devices...
CentOS Web Panel Information Disclosure Vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel. A security vulnerability exists in CWP version 0.9.8.846. An attacker can exploit the vulnerability by reading the HTTP response to check for a valid username...
Nmap NSE 6.01: smb-brute
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also sav...
Kerberos information leak
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...