6 matches found

RedhatCVE
added 2025/10/23 2:15 p.m., 4 views

CVE-2025-11750

In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...

CVSS 5.3, AI score 7.1, EPSS 0.00722
Exploits: 1, References: 1
Vulnrichment
added 2025/10/22 1:13 p.m., 3 views

CVE-2025-11750 User Enumeration via Distinct Error Messages in langgenius/dify-web

In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...

CVSS 4.3, AI score 6.7, EPSS 0.00722
Exploits: 1, References: 1
Positive Technologies
added 2025/10/22 12:0 a.m., 4 views

PT-2025-43031

Name of the Vulnerable Software and Affected Versions: langgenius/dify-web version 1.6.0. Description: The authentication process in the software reveals whether user accounts exist by providing different error messages depending on whether a username or email is registered. Attempting to log in or...

CVSS 5.3, AI score 6.9, EPSS 0.00722
Exploits: 1, References: 4
Vulnrichment
added 2025/09/29 12:0 a.m., 2 views

CVE-2025-56764

Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a username exists or not by returning different error messages "Unknown user" vs. "Wrong password", allowing an attacker to enumerate valid usernames...

AI score 6.5, EPSS 0.00244
Exploits: 1, References: 2
OSV
added 2025/09/26 9:31 a.m., 5 views

GHSA-W82P-R9VW-4RG5 WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVSS 3.7, AI score 6.8, EPSS 0.00234
Exploits: 0, References: 4
ATTACKERKB
added 2019/11/15 5:15 a.m., 2 views

CVE-2019-18986

Pimcore before 6.2.2 allows attackers to brute-force guess valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users...

CVSS 7.5, AI score 7.3, EPSS 0.01187
Exploits: 0, References: 3