18 matches found
Exploit for CVE-2026-44595
CVE-2026-44595 — YAMCS Unauthorized User Enumeration via IAM A...
GHSA-P2RJ-MRMC-9W29 Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
Summary: The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user, even those with low or no privileges, can enumerate all user accounts in the system, including their...
CVE-2026-8144 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...
CVE-2026-23721
OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...
CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships
OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...
OpenProject security vulnerabilities
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.1 and 16.6.5 had security vulnerabilities. These vulnerabilities stemmed from failed permission checks, which could allow users with viewing member permissions to enumerate all groups and...
EUVD-2013-1234
Malware in sbrugna...
EUVD-2010-3195
Malware in sbrugna...
CVE-2025-34220
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to...
CVE-2025-34220
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to...
Vasion Print Virtual Appliance Host security vulnerability
Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 25.1.102, which stems from a failure to authenticate the /api-gateway/identity/search-groups endpoint, which could allow a...
LDAP Active Directory - Group Enumeration
Binary data ldapenumgroup.nbin...
SilentHound - Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.
Quietly enumerate an Active Directory Domain via LDAP, parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation: Using pipenv (recommended method): sudo python3 -m pip install --user pipenv; git clone https://github.com/layer8secure/SilentHound.git; cd silenthound...
WinAPI User Hunter: hunter
WinAPI User Hunter. During Red Team engagements it is common to track/hunt specific users. Assuming we already have access to a desktop as a normal user (no matter how, always “assume compromise”) in a Windows Domain and we want to spread laterally. We want to know where the user is logged on, if he...
Active Directory - Enumerate Users and Groups
Binary data adsienumusersandgroups.nbin...
PT-2013-2961 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: An issue in the ISAKMP implementation allows remote attackers to enumerate groups via a series of IKE aggressive-mode messages, depending on whether...
Code injection
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."...
Microsoft Windows User Groups List
Using the supplied credentials it was possible to retrieve the list of groups each user belongs to. Groups are stored in the KB for further checks. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10894); script_version("1.20"); script_name(english:"Microsoft Windows User...