ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

Buffalo LinkStation 安全漏洞

The Buffalo LinkStation is a home-use and small-office NAS device from the Japanese company Buffalo. There is a security vulnerability in the Buffalo LinkStation 1.85-0.01 version. This vulnerability stems from modifying the parameters in the /nasapi endpoint requests, which may lead to unvalidat...

EUVD-2026-16245

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

PT-2025-45141

Name of the Vulnerable Software and Affected Versions ownCloud Guests versions prior to 0.12.5 Description The application allows unauthenticated user enumeration through the /apps/guests/register/email/token API endpoint. Insufficient validation of the supplied token within the showPasswordForm...