25 matches found

EUVD
added 3 days ago, 6 views

EUVD-2026-38172

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

6.9 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits: 0, References: 2

CVE
added 3 days ago, 10 views

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs by observing response discrepancies. Attackers can probe without authentication to distinguish valid job ...

6.9 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/05 1:49 p.m., 14 views

CVE-2026-6207

CVE-2026-6207 is rejected and not an active vulnerability entry.

5.5 AI score
Exploits: 0

CVE
added 2026/05/29 7:52 p.m., 17 views

CVE-2026-45294

FreeScout (PHP/Laravel) before version 1.8.219 is vulnerable. The password reset endpoint returns visually distinct responses based on whether the submitted email belongs to an existing user, enabling unauthenticated enumeration of valid helpdesk agent email addresses. Root cause: inadequate obfu...

5.3 CVSS, 5.8 AI score, 0.0021 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/04/20 3:45 p.m., 26 views

CVE-2026-24468 OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...

5.3 CVSS, 0.00294 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/04/09 12:0 a.m., 7 views

SonicWALL SMA1000 security vulnerability

SonicWALL SMA1000 is a series of security mobile access solutions developed by the American company SonicWALL. It simplifies end-to-end secure remote access for enterprise resources across local, cloud, and hybrid data centers. There is a security vulnerability in SonicWall SMA1000, which stems...

7.2 CVSS, 7.1 AI score, 0.00363 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/01 12:0 a.m., 3 views

PT-2026-29529

The login mechanism of Sage DPW 2021 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behavior in newer versions...

3.7 CVSS, 5.8 AI score, 0.00264 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/03/26 3:13 p.m., 4 views

CVE-2025-13460

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/13 9:40 a.m., 9 views

CVE-2026-24097

The CVE affects Checkmk: vulnerable in 2.4.0 prior to 2.4.0p23 and 2.3.0 prior to 2.3.0p43 (2.2.0 is EOL). The issue is improper permission enforcement in the agent-receiver/register_existing endpoint, enabling authenticated users to enumerate existing hosts by observing differences in HTTP respo...

5.3 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/03/13 12:0 a.m., 5 views

OpenText Vertica security vulnerability

OpenText Vertica is a relational database management system (RDBMS) from OpenText Canada. It can efficiently store massive amounts of data. There are security vulnerabilities in OpenText Vertica versions 10.X and earlier, as well as versions 11.X and earlier, and 12.X and earlier. These...

7.5 CVSS, 5.8 AI score, 0.00303 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/27 12:0 a.m., 7 views

dify security vulnerability

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...

6.9 CVSS, 5.8 AI score, 0.00635 EPSS
Exploits: 1, References: 3

OSV
added 2026/02/19 10:16 p.m., 3 views

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

5.3 CVSS, 5.8 AI score, 0.00293 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/19 12:0 a.m., 1 view

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...

5.5 AI score, 0.00293 EPSS
Exploits: 0, References: 3

NVD
added 2026/02/03 6:16 p.m., 8 views

CVE-2026-24664

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3 CVSS, 0.0025 EPSS
Exploits: 1, References: 1

OSV
added 2026/02/03 4:56 p.m., 4 views

CVE-2026-24664 Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3 CVSS, 5.3 AI score, 0.0025 EPSS
Exploits: 1, References: 3

UbuntuCve
added 2025/12/18 8:15 p.m., 3 views

CVE-2023-53943

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

6.9 CVSS, 5.9 AI score, 0.00297 EPSS
Exploits: 1, References: 4

Malwarebytes
added 2025/09/18 9:59 a.m., 4 views

Age verification and parental controls coming to ChatGPT to protect teens

OpenAI is going to try and predict the ages of its users to protect them better, as stories of AI-induced harms in children mount. The company, which runs the popular ChatGPT AI, is working on what it calls a long-term system to determine whether users are over 18. If it can't verify that a user ...

7.4 AI score
Exploits: 0

CNNVD
added 2024/11/20 12:0 a.m., 2 views

eSoft Planner security vulnerability

eSoft Planner is a scheduling software for managing sports facilities from eSoft Planner, Inc. A security vulnerability exists in eSoft Planner version 3.24.08271-USA that stems from a discrepancy in the response of valid and invalid email accounts, which could allow an attacker to enumerate vali...

5.3 CVSS, 6.6 AI score, 0.00399 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/09/08 12:0 a.m., 3 views

Loway QueueMetrics security vulnerability

Loway QueueMetrics is a tool from Loway that allows you to automate the installation of a pre-configured QueueMetrics system on the most common Asterisk distributions. A security vulnerability exists in Loway QueueMetrics versions 17.06.1 through 22.02.11 that stems from the presence of observabl...

7.5 CVSS, 6.7 AI score, 0.0033 EPSS
Exploits: 0, References: 2

OSV
added 2024/02/20 2:15 p.m., 2 views

CVE-2023-50306

IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337...

3.3 CVSS, 5.8 AI score, 0.00191 EPSS
Exploits: 0, References: 2