PT-2026-29543
The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2026-30876
Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...
GHSA-QHP6-635J-X7R2 Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Summary: A timing-based username enumeration vulnerability in Basic Authentication, caused by an early response on invalid usernames, could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details: SWS validates the provided username...
CVE-2025-23384
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...
EUVD-2008-6734
Malware in sbrugna...
EUVD-2020-5549
Malware in sbrugna...
EUVD-2010-0017
Malware in sbrugna...
EUVD-2017-9517
Malware in sbrugna...
User Enumeration
mautic/core is vulnerable to user enumeration. The vulnerability is due to differing response times between valid and invalid usernames, which allows an attacker to enumerate valid accounts and subsequently attempt brute-force attacks...
Linux Distros Unpatched Vulnerability : CVE-2020-13289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activate...
CVE-2020-28918
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message...
CVE-2017-18401
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334)...
CVE-2024-54772
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...
PT-2023-30310 · Unknown · Urbackup Server
Name of the Vulnerable Software and Affected Versions: UrBackup Server version 2.5.31 Description: The issue allows for brute-force enumeration of user accounts. This is possible because a failure message confirms when a username is not valid. Recommendations: For UrBackup Server version 2.5.31,...
UrBackup Security Vulnerability
UrBackup is an open source backup and recovery system for multiple platforms. A security vulnerability exists in UrBackup Server version 2.5.31, which stems from a failure message that confirms an invalid username and can be exploited by an attacker to brute force enumerate user accounts...
SUSE CVE-2007-5939
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is...
SUSE CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c...
SUSE CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification...
User Enumeration
Description: The migrate-email endpoint requires the Email, Username, and Password parameters. The Username parameter value is queried against userManager.Users and the result is returned to the user variable; if the user variable contains a null value, the application returns a bad request with "Invalid...