33 matches found

RedhatCVE
added 2026/06/05 7:20 p.m. | 10 views

CVE-2026-50213

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

CVSS 8.7 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 1

NVD
added 2026/06/04 9:16 a.m. | 14 views

CVE-2026-50213

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

CVSS 8.7 | EPSS 0.00232
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/04 7:39 a.m. | 7 views

CVE-2026-50213 Bulk User Private Data Harvesting

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

CVSS 8.7 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1

EUVD
added 2026/06/04 7:39 a.m. | 8 views

EUVD-2026-34225

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

CVSS 8.7 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/05/13 3:31 p.m. | 10 views

Anchor: Program<'info, System> is not properly validated

Summary: A logic error causes Anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary CPI in programs that invoke system program instructions. Details: In the TryFrom implementation for Program, the id of T is compar...

CVSS 8.2 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2026/01/15 7:09 p.m. | 7 views

CVE-2026-23511

CVE-2026-23511 affects Zitadel, an open source identity management platform. A user enumeration flaw in login interfaces allows an unauthenticated attacker to verify the existence of valid user accounts by iterating through usernames and userIDs. The issue is present in multiple versions prior to...

CVSS 5.3 | AI score 6.5 | EPSS 0.00362
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/01/09 11:42 a.m. | 9 views

CVE-2001-1528

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack...

CVSS 5 | AI score 7 | EPSS 0.07914
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-18987

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.06427
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-10290

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00317
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-49191

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00625
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 12:21 a.m. | 7 views

CVE-2022-46382

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the...

CVSS 8.8 | AI score 7.1 | EPSS 0.00625
Exploits: 0 | References: 1

CNNVD
added 2025/04/15 12:00 a.m. | 2 views

Ash Authentication access control error vulnerability

Ash Authentication is an Ash authentication framework open-sourced by Alembic. An access control error vulnerability exists in Ash Authentication versions prior to 4.7.0 that originates in the GET request validation process and could lead to automatic account validation...

CVSS 5.3 | AI score 6.6 | EPSS 0.00271
Exploits: 0 | References: 2

OSV
added 2024/04/16 12:15 a.m. | 15 views

CVE-2024-1665

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.6
Exploits: 0

CVE
added 2024/04/16 12:00 a.m. | 86 views

CVE-2024-1665

This CVE ID is rejected/not used and does not represent an active vulnerability entry.

AI score 6.7
Exploits: 0

CVE
added 2024/02/20 1:17 p.m. | 70 views

CVE-2024-26268

The CVE-2024-26268 issue is a user enumeration vulnerability in Liferay Portal (7.2.0–7.4.3.26) and older unsupported versions, and in Liferay DXP 7.4 before update 27, 7.3 before update 8, and 7.2 before fix pack 20. The root cause is that an attacker can infer whether an account exists by measu...

CVSS 5.3 | AI score 5.3 | EPSS 0.00527
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/06/23 8:20 p.m. | 22 views

CVE-2023-35154 Knowage-Server vulnerable to account validation bypass

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

CVSS 7.2 | AI score 7.1 | EPSS 0.0038
Exploits: 0 | References: 1

Vulnrichment
added 2023/06/23 8:20 p.m. | 12 views

CVE-2023-35154 Knowage-Server vulnerable to account validation bypass

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

CVSS 7.2 | AI score 7 | EPSS 0.0038
Exploits: 0 | References: 1

Prion
added 2023/06/22 9:15 p.m. | 31 views

Authentication flaw

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

CVSS 7.5 | AI score 9.4 | EPSS 0.04094
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2023/06/22 8:14 p.m. | 242 views

CVE-2023-3128

CVE-2023-3128 affects Grafana when using Azure AD OAuth with multi-tenant apps. The issue arises because the Azure AD profile email field is not unique and can be modified, allowing an attacker to bypass authentication and potentially take over accounts by exploiting how Grafana validates Azure A...

CVSS 9.8 | AI score 9.6 | EPSS 0.04094
Exploits: 0 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2023/03/12 6:30 a.m. | 63 views

Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

CVSS 5.3 | AI score 5.7 | EPSS 0.00507
Exploits: 0 | References: 4 | Affected Software: 1