Lucene search
K

27 matches found

Cvelist
Cvelist
added 2026/02/25 7:28 p.m.21 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3CVSS0.00327EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 7:28 p.m.3 views

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 7:28 p.m.4 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3CVSS5.4AI score0.00327EPSS
Exploits1References5
OSV
OSV
added 2026/02/25 6:53 p.m.6 views

GHSA-38WQ-6Q2W-HCF9 Rucio WebUI has Username Enumeration via Login Error Message

Summary The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References7
EUVD
EUVD
added 2026/02/25 6:53 p.m.5 views

EUVD-2026-8712

Rucio WebUI has Username Enumeration via Login Error Message...

5.3CVSS5.3AI score0.00327EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Rucio 安全漏洞

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from different error messages returned by the WebUI login endpoint, which could allow unverified...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.6 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.7AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:31 p.m.5 views

EUVD-2025-198803

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.2AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2025/11/24 4:15 p.m.3 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.7 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.2 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

6.3AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2025/10/06 7:15 a.m.4 views

CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS0.0034EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/10/06 7:2 a.m.5 views

CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31223

Malicious code in bioql PyPI...

3.7CVSS6.6AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-31613

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00244EPSS
Exploits1References2
OSV
OSV
added 2025/09/29 8:15 p.m.4 views

CVE-2025-56764

Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a username exists or not by returning different error messages "Unknown user" vs. "Wrong password", allowing an attacker to enumerate valid usernames...

5.3CVSS5.8AI score0.00244EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/26 7:52 a.m.2 views

CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

3.7CVSS6.4AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2025/07/03 12:15 p.m.4 views

CVE-2025-27451

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS5.8AI score0.00343EPSS
Exploits0References6
OSV
OSV
added 2024/10/16 9:15 p.m.5 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...

5.3CVSS6.9AI score0.02621EPSS
Exploits5References1
OSV
OSV
added 2024/03/06 3:23 p.m.2 views

GHSA-C967-2652-GFJM CasaOS Username Enumeration

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error "User does not exist", If the...

6.2CVSS6.3AI score0.00758EPSS
Exploits1References5
Rows per page
Query Builder