9 matches found
CVE-2025-64528
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
CVE-2025-64528
CVE-2025-64528 affects Discourse prior to versions 3.5.3, 2025.11.1, and 2025.12.0. An attacker who knows part of a username can discover the user and their full name via UI or API, even when enable_names is disabled. The issue is confirmed across multiple sources (NVD, Red Hat, OSV, OpenVAS, etc...
EUVD-2023-57497
Malicious code in bioql PyPI...
EUVD-2023-23796
Malicious code in bioql PyPI...
CVE-2023-45223
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to properly validate the "Show Full Name" option in some endpoints in Mattermost Boards, allowing members to obtain another...
CVE-2023-1562 Full name revealed via /plugins/focalboard/api/v2/users
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner...
Moodle 信息泄露漏洞
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. There is a security vulnerability in moodle that stems from viewing the full name of another user without permission via the online use...
New Relic: Bypass of my two other reports #267636 + #255894 - (IDOR) Ability to see full name associated with other New Relic accounts
@jonbottarini discovered an issue where names associated with arbitrary existing email addresses can be revealed in the Alerts Notification Channel UI. As with similar previously-reported issues, this was resolved by obfuscating that information before it's presented...