22 matches found
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
FormaLMS Security Vulnerability
FormaLMS is an open-source learning management system developed by Forma.association. It is designed to meet specific needs related to corporate training. Versions of FormaLMS prior to 4.1.18 contained a security vulnerability. This vulnerability stemmed from the password recovery function, which...
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
EUVD-2022-27502
Malicious code in bioql PyPI...
CVE-2022-34779
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-35952
login.php in PHPFusion aka PHP-Fusion Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password i.e., not a single "Incorrect username or password" message in both cases, which might allow enumeration...
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts...
CVE-2025-30426
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps...
CVE-2024-38290
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met...
MGASA-2025-0039 Updated python-django packages fix security vulnerabilities
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. CVE-2024-38875 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. T...
PT-2025-2624 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics, affected versions not specified. Description: A username enumeration vulnerability allows a malicious user to compile a list of valid application usernames. Recommendations: At t...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
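The Laravel entry above describes a timing oracle: when the username does not exist, `hasValidCredentials` returns before the (slow) password hash is ever computed, so an unknown user answers measurably faster than a known one, and HTTP/2 multiplexing lets the attacker compare two requests sent in the same packet without depending on absolute latency. The following is an added example in Python, not Laravel's code, showing the early-return shape beside a constant-work check that always runs the hash (against a dummy record when the user is unknown). The user store, the dummy record and the PBKDF2 parameters are constructed for illustration.

```python
"""Added example: early-return credential check versus a constant-work check.

Illustrative only; this is not code from Laravel or Illuminate\\Auth.
The user store and dummy record below are constructed for the demo.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000          # deliberately slow, so skipped work is visible
HASH_CALLS = {"count": 0}    # instrumentation: how many hashes were computed


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash (PBKDF2-HMAC-SHA256); counts every invocation."""
    HASH_CALLS["count"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed user store (not real credentials).
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record used for unknown users. Its hash is random bytes, so no
# password can ever match it; it exists only to burn the same amount of work.
DUMMY = {"salt": os.urandom(16), "hash": os.urandom(32)}


def login_vulnerable(username: str, password: str) -> bool:
    """Mirrors the early return: no hash is computed when the user is unknown,
    so a probe for a non-existent name is answered in far less time."""
    rec = USERS.get(username)
    if rec is None:
        return False                       # fast path: leaks that the user is absent
    return hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"])


def login_hardened(username: str, password: str) -> bool:
    """Always runs the hash, against the dummy record for unknown users, so the
    work done no longer depends on whether the account exists."""
    rec = USERS.get(username)
    exists = rec is not None
    if not exists:
        rec = DUMMY
    ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"])
    return ok and exists                   # dummy can never match, but be explicit


def hash_calls_for(login, username: str, password: str) -> int:
    """Number of slow hashes a single login attempt triggers (the oracle)."""
    before = HASH_CALLS["count"]
    login(username, password)
    return HASH_CALLS["count"] - before


def time_for(login, username: str, password: str) -> float:
    """Wall-clock seconds for one attempt; for the reader, not asserted on."""
    start = time.perf_counter()
    login(username, password)
    return time.perf_counter() - start


if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        for user in ("alice", "nobody"):
            print(f"{fn.__name__:17s} {user:7s} hashes={hash_calls_for(fn, user, 'wrong')} "
                  f"time={time_for(fn, user, 'wrong'):.4f}s")
```

Counting hash invocations is the reliable way to unit-test this: the vulnerable function does zero hashes for an unknown name and one for a known name, while the hardened function does exactly one in both cases. The wall-clock measurement is printed only so a reader can see the gap the attacker exploits.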
SUSE CVE-2017-15110
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students...
CVE-2022-41414
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages...
Lack of ratelimit on public DAV endpoint
None...
Mersive Solstice Pod Security Vulnerability
Mersive Solstice Pod is a conference-room screen-sharing product from Mersive (USA). A security vulnerability exists in versions prior to Solstice Pod 3.3.0 or Open4.3 that can be exploited to enumerate screen keys by a brute-force attack through the lookin info interface of the Open Control...
User enumeration with error messages - ownCloud
This issue occurs when sending a password reset e-mail, where a difference in error messages could allow an attacker to determine whether a username is valid. Affected software: ownCloud Server 9.1.3 (CVE-2017-5865, core/d2f47acb38675d2798fe9e9b6294981f24613d40), ownCloud Server 9.0.7 (CVE-2017-5865)...
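The PHP-Fusion, Pagekit, HCL MyXalytics and ownCloud entries above are all the same oracle: the login or password-reset handler answers differently depending on whether the account exists, so an attacker only needs one name known to be invalid as a baseline and can confirm every other candidate whose response differs. The following is an added example in Python, not code from any of those projects, with a vulnerable login and reset handler beside their single-response forms and the baseline-comparison check an attacker (or a tester) would run. The user store, the fixed password and the outbox are constructed for the demo.

```python
"""Added example: response-content oracle on login and password reset.

Illustrative only; not code from PHP-Fusion, Pagekit, ownCloud or MyXalytics.
Users, the stand-in password check and the outbox are constructed.
"""
from typing import Callable, Iterable, Tuple

Response = Tuple[int, str]                      # (HTTP status, body)

USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}   # constructed
SENT = []                                       # outbox stub: e-mails "sent"

# --- vulnerable: status and body depend on whether the account exists -------

def login_vulnerable(username: str, password: str) -> Response:
    if username not in USERS:
        return (401, "Incorrect username")      # distinguishable ...
    if password != "secret":                    # stand-in for a real check
        return (401, "Incorrect password")      # ... from this one
    return (200, "Welcome")


def reset_vulnerable(email: str) -> Response:
    user = next((u for u, e in USERS.items() if e == email), None)
    if user is None:
        return (404, "No account with that e-mail address")
    SENT.append(email)
    return (200, "Password reset e-mail sent")


# --- hardened: identical status and body in both cases ----------------------

def login_hardened(username: str, password: str) -> Response:
    if USERS.get(username) is None or password != "secret":
        return (401, "Incorrect username or password")
    return (200, "Welcome")


def reset_hardened(email: str) -> Response:
    user = next((u for u, e in USERS.items() if e == email), None)
    if user is not None:
        SENT.append(email)                      # still sends mail when it should
    return (200, "If an account exists for that address, a reset e-mail has been sent")


# --- the oracle check -------------------------------------------------------

def confirmed_valid(handler: Callable[[str], Response],
                    candidates: Iterable[str], canary: str) -> set:
    """Return the candidates the handler confirms to exist.

    canary is a value known not to correspond to any account; its response is
    the 'does not exist' baseline. Any candidate answered differently is
    confirmed valid. An empty result means the handler gives nothing away.
    """
    baseline = handler(canary)
    return {c for c in candidates if handler(c) != baseline}


if __name__ == "__main__":
    names = ["alice", "bob", "mallory"]
    print("login  (vuln):", confirmed_valid(lambda u: login_vulnerable(u, "x"), names, "zzz-no-such-user"))
    print("login  (hard):", confirmed_valid(lambda u: login_hardened(u, "x"), names, "zzz-no-such-user"))
    mails = ["alice@example.com", "nobody@example.com"]
    print("reset  (vuln):", confirmed_valid(reset_vulnerable, mails, "canary@example.invalid"))
    print("reset  (hard):", confirmed_valid(reset_hardened, mails, "canary@example.invalid"))
```

The same comparison should be applied to anything else the client can observe, such as redirect targets, response length and headers, and, as the Laravel entry shows, response time; fixing the message alone is not enough if the valid-user path still does measurably more work.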
CVE-2011-4894
Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections...
OpenBSD 3.x - PF RDR Network Information Leakage
source: https://www.securityfocus.com/bid/8082/info OpenBSD PF is prone to an information leakage vulnerability when configured to redirect incoming traffic from standard ports to high ports. This occurs because PF responds differently to packets...