13 matches found
CVE-2018-25350 userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...
CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2025-49187 User enumeration
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
SUSE CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
DEBIAN-CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
Zabbix Security Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a login failure with a non-existing username that has a different execution tim...
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an...
CVE-2022-33996
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user...
Sales & Company Management System Privilege Permission and Access Control Vulnerability
Sales & Company Management System (SCMS) is a sales and company management system. The system includes features such as customer management, product management and tax management. A privilege permission and access control vulnerability exists in SCMS 2018-06-06 and prior versions, which can be...
Denial Of Service (DoS)
genix/cms is vulnerable to denial of service (DoS) attacks. A malicious user can attempt to register with a pre-existing username by appending the...
UBUNTU-CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provid...