27 matches found
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...
GHSA-38WQ-6Q2W-HCF9 Rucio WebUI has Username Enumeration via Login Error Message
Summary The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...
EUVD-2026-8712
Rucio WebUI has Username Enumeration via Login Error Message...
Rucio 安全漏洞
Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from different error messages returned by the WebUI login endpoint, which could allow unverified...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
EUVD-2025-198803
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
EUVD-2025-31223
Malicious code in bioql PyPI...
EUVD-2025-31613
Malicious code in bioql PyPI...
CVE-2025-56764
Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a username exists or not by returning different error messages "Unknown user" vs. "Wrong password", allowing an attacker to enumerate valid usernames...
CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2025-27451
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
GHSA-C967-2652-GFJM CasaOS Username Enumeration
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error "User does not exist", If the...