
19 matches found

Cvelist
added 2026/05/28 9:23 p.m., 29 views

CVE-2026-45410 Time-based user enumeration in TREK authentication endpoint

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

CVSS 5.3, EPSS 0.00205
Exploits: 0, References: 2

Vulnrichment
added 2026/05/28 9:23 p.m., 8 views

CVE-2026-45410 Time-based user enumeration in TREK authentication endpoint

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before...

CVSS 5.3, AI score 5.8, EPSS 0.00205
Exploits: 0, References: 2

CNNVD
added 2026/02/21 12:0 a.m., 7 views

Static Web Server security vulnerability

Static Web Server is a static web server developed by the German company Static Web Server. Versions 2.1.0 to 2.40.1 of Static Web Server contain security vulnerabilities. These vulnerabilities stem from time-based username enumeration in basic authentication, which may lead to brute-force attack...

CVSS 5.3, AI score 5.8, EPSS 0.00349
Exploits: 1, References: 2

OSV
added 2026/02/10 10:2 a.m., 2 views

BIT-PRESTASHOP-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.6, EPSS 0.00269
Exploits: 0, References: 4

RedhatCVE
added 2026/02/08 1:22 a.m., 14 views

CVE-2026-25597

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.4, EPSS 0.00269
Exploits: 0, References: 1

NVD
added 2026/02/06 9:16 p.m., 3 views

CVE-2026-25597

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, EPSS 0.00269
Exploits: 0, References: 3

Vulnrichment
added 2026/02/06 8:47 p.m., 5 views

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.6, EPSS 0.00269
Exploits: 0, References: 3

EUVD
added 2026/02/06 8:47 p.m., 5 views

EUVD-2026-5580

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 3

CVE
added 2026/02/06 8:47 p.m., 15 views

CVE-2026-25597

Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/02/06 8:47 p.m., 32 views

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, EPSS 0.00269
Exploits: 0, References: 3

OSV
added 2026/02/06 8:47 p.m., 7 views

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 5

CNNVD
added 2026/02/06 12:0 a.m., 3 views

PrestaShop security vulnerability

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. There were security vulnerabilities in versions of PrestaShop before 8.2.4 and...

CVSS 5.3, AI score 5.8, EPSS 0.00269
Exploits: 0, References: 4

OSV
added 2026/02/03 9:13 p.m., 6 views

GHSA-67V7-3G49-MXH2 PrestaShop affected by time based enumeration in FO login form

Impact: A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. Patches: 8.2.4 and 9.0.3. Workarounds: none. References: Found by L...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 5

GitHub Security Blog
added 2026/02/03 9:13 p.m., 11 views

PrestaShop affected by time based enumeration in FO login form

Impact: A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. Patches: 8.2.4 and 9.0.3. Workarounds: none. References: Found by L...

CVSS 5.3, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/03 12:0 a.m., 4 views

PT-2026-6377

Impact: A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. Patches: 8.2.4 and 9.0.3. Workarounds: none. References: Found by L...

CVSS 5.3, AI score 5.5
Exploits: 0, References: 5

Positive Technologies
added 2025/09/09 12:0 a.m., 5 views

PT-2025-36921

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.128; Liferay DXP versions 2023.Q4.0; Liferay DXP versions 2024.Q1.1 through 2024.Q1.12; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.0 through 2024.Q3.1; Liferay Portal...

CVSS 6.9, AI score 6.3, EPSS 0.00285
Exploits: 0, References: 11

Kitploit
added 2022/01/03 11:30 a.m., 15 views

Msmailprobe - Office 365 And Exchange Enumeration

Office 365 and Exchange Enumeration. It is widely known that OWA (Outlook Webapp) is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known, services exposed by default Exchange installations to enumerate users. It also targets Office 365 for...

AI score 7.1
Exploits: 0, References: 6

OSV
added 2019/12/30 6:15 p.m., 0 views

CVE-2019-19805

accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 1

Metasploit
added 2018/11/30 5:36 p.m., 18 views

Vulnerable domain identification

Identifying potentially vulnerable Exchange endpoints //usr/bin/env go run "$0" "$@"; exit "$?" package main import "metasploit/module" "msmail" "net" "strings" func main metadata := &module.Metadata Name: "Vulnerable domain identification", Description: "Identifying potentially vulnerable Exchan...

Exploits: 0