CVE-2025-52469
Chamilo LMS prior to version 1.11.30 contains a logic vulnerability in the social network / friend-request workflow that allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint, bypassing normal send/accept flows and even adding non-existent users. T...
CVE-2025-52469
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...
CVE-2025-9824
The CVE-2025-9824 issue stems from different login response times for existing versus non-existent users in Mautic, enabling user enumeration and potential brute-force attempts. Technical details describe that valid usernames trigger password hashing while invalid ones do not; the fix adds a Timi...
A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate as root, and in the case of an empty password it successfully authenticates.
NewStart CGSL MAIN 4.05 : openssh Multiple Vulnerabilities (NS-SA-2019-0139)
The remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by multiple vulnerabilities: - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use th...
Medium: openssh
Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH...
EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1189)
According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could...
openssh, pam_ssh_agent_auth security update
CentOS Errata and Security Advisory CESA-2017:2563 An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
openssh: User enumeration via covert timing channel
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses...
PT-2017-19316 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: A flaw was found in the error message sent as a response for non-existent users on the system. This could allow an attacker to enumerate valid accounts by searching for common usernames...
openssh: User enumeration via covert timing channel
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses...
tomcat: timing attack in Realm implementation
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...
BSA-2016-195
Security Advisory ID : BSA-2016-195 Component : OpenSSH Revision : 2.0: Final. sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by...
pam_krb5: Password prompt varies for existent and non-existent users
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
DSA-198 nullmailer - denial of service
Bulletin has no description...