CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

Apache Shiro 安全漏洞

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

CVE-2026-24664

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

CVE-2026-24664 Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

vLLM code issues and vulnerabilities

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Prior to vLLM 0.14.1, there were code-related vulnerabilities. These vulnerabilities stemmed from differences in the interpretation of backslashes by variou...

CVE-2025-22234

CVE-2025-22234 is associated with Spring Security’s timing-attack mitigation in DaoAuthenticationProvider. The described issue states that the fix applied in CVE-2025-22228 accidentally broke the mitigation, enabling an attacker to infer usernames or authentication behavior via response-time diff...

SUSE CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

A Longitudinal Measurement Study of Log4Shell Exploitation from an Active Network Telescope

The disclosure of the Log4Shell vulnerability in December 2021 led to an unprecedented wave of global scanning and exploitation activity. A recent study provided important initial insights, but was largely limited in duration and geography, focusing primarily on European and U.S. network telescop...

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts...

Emoji-Based Jailbreaking of Large Language Models

Large Language Models LLMs are integral to modern AI applications, but their safety alignment mechanisms can be bypassed through adversarial prompt engineering. This study investigates emoji-based jailbreaking, where emoji sequences are embedded in textual prompts to trigger harmful and unethical...

CVE-2024-55374

REDCap 14.3.13 is affected by a username-enumeration vulnerability caused by an observable discrepancy between login attempts. The issue allows an attacker to enumerate valid usernames. Public details on exploitability, affected versions beyond 14.3.13, and a confirmed fix are not provided in the...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.3.13 that stems from an observable difference between login attempts and could lead an attacker to enumerate usernames...

CVE-2023-53943

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

UBUNTU-CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

CVE-2025-66567

The CVE-2025-66567 issue affects ruby-saml, where versions up to and including 1.12.4 implement a SAML SSO client but contain an authentication bypass due to an incomplete fix for CVE-2025-25292. The root cause is a parser differential: ReXML and Nokogiri parse XML differently, producing differen...

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...

GHSA-9V8J-X534-2FX3 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...