CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/01 1:43 a.m.•7 views

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS

Exploits1References1

OSV•added 2026/02/27 8:25 p.m.•3 views

CVE-2026-28288 Dify has a user enumeration issue

6.9CVSS5.9AI score0.00635EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2021-30092

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00937EPSS

Exploits0References1

Vulnrichment•added 2025/08/23 6:43 a.m.•2 views

CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

9.8CVSS6AI score0.00714EPSS

Exploits0References2

Veracode•added 2024/06/13 12:4 p.m.•9 views

Improper Input Validation

org.keycloak:keycloak-services is vulnerable to Improper Input Validation. The vulnerability is due to the use of email as a username without checking for existing accounts, which can lead to the inability to reset or login with email for the user...

7.1AI score

Exploits0

OSV•added 2024/06/12 7:41 p.m.•2 views

GHSA-4VC8-PG5C-VG4X Keycloak's improper input validation allows using email as username

Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails...

3.7CVSS5.9AI score0.01773EPSS

Exploits1References6

Debian CVE•added 2022/01/31 8:20 p.m.•16 views

CVE-2022-21659

Removed by vendor...

5.3CVSS5.4AI score0.00953EPSS

Exploits0

OSV•added 2022/01/31 8:20 p.m.•29 views

CVE-2022-21659 Observable Response Discrepancy in Flask-AppBuilder

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

5.3CVSS5.1AI score0.00953EPSS

Exploits0References4

NVD•added 2021/01/06 3:15 p.m.•14 views

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

7.5CVSS7.6AI score0.01292EPSS

Exploits0References1

OSV•added 2021/01/06 3:15 p.m.•2 views

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

7.5CVSS7.1AI score0.01292EPSS

Exploits0References1

ATTACKERKB•added 2021/01/06 3:15 p.m.•2 views

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

7.5CVSS5.3AI score0.01292EPSS

Exploits0References2

Veracode•added 2018/05/28 5:46 a.m.•7 views

Timing Attack

Oak Core is vulnerable to timing attacks. Different responses are given for existing and non-existing user names from the server, allowing attackers to focus on guessing passwords for existing accounts...

6.7AI score

Exploits0