Lucene search
K

28 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-58503

Frappe CVE-2026-58503 affects the reset_password endpoint, allowing unauthenticated user enumeration prior to versions 16.16.0 and 15.106.0. The issue is mitigated by the fixes introduced in 16.16.0 and 15.106.0. The CVSS metrics (v4.0) indicate NETWORK access with low attack complexity and no pr...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-58503 Frappe: Unauthenticated User Enumeration via reset_password

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS0.00354EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56337

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

6.9CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.14 views

CVE-2026-56253

Capgo before 12.128.2 contains an improper access control vulnerability in the public.getorgmembers RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sbpublishable key and an organization UUID to retrieve...

8.7CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 2:16 p.m.12 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 1:7 p.m.14 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 1:7 p.m.25 views

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/05 10:2 p.m.4 views

GHSA-6RVW-7P8V-MJFQ AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Summary objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller including unauthenticated visitors, which defeats the admin-only guard...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/04/01 12:0 a.m.37 views

VulnCheck KEV: CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3CVSS5.8AI score0.00908EPSS
In wildExploits1References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49834

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

6.9CVSS6.9AI score0.00393EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-39665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames. CVE-2025-39665 Note...

6.9CVSS5.8AI score0.00223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3CVSS7AI score0.00908EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.9 views

guests 安全漏洞

guests is a file sharing program open-sourced by ownCloud. A security vulnerability exists in guests prior to version 0.12.5, which stems from insufficient token validation in showPasswordForm and could lead to unauthenticated user enumeration...

5.3CVSS6.7AI score0.00908EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/05 12:0 a.m.6 views

EUVD-2025-37881

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3CVSS6.4AI score0.00908EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-41323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

5.3CVSS5.6AI score0.33874EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/12 7:24 p.m.11 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS7.3AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 6:15 a.m.10 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

5.3CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.9 views

PT-2023-21066 · Netapp · Ontap Mediator

Name of the Vulnerable Software and Affected Versions: ONTAP Mediator versions prior to 1.7 Description: The issue allows an unauthenticated attacker to enumerate URLs via the REST API. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary...

5.3CVSS5.3AI score0.00393EPSS
Exploits0References3
OSV
OSV
added 2023/09/27 3:19 p.m.3 views

UBUNTU-CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5.3CVSS5.8AI score0.33874EPSS
Exploits0References3
OSV
OSV
added 2022/11/21 5:15 p.m.1 views

CVE-2022-38755

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prio...

5.3CVSS5.7AI score0.00636EPSS
Exploits0References1
Rows per page
Query Builder