GHSA-VRMH-5MMX-HJWX Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data

Private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...

CVE-2026-2458 Unauthorized channel enumeration in private teams after member removal

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner

WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...

CVE-2024-1223

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

Siemens Mendix Runtime 安全漏洞

Siemens Mendix Runtime is a key component of Siemens AG Siemens, Germany. A security vulnerability exists in Siemens Mendix Runtime that stems from a distinguishable response that could lead to unauthorized enumeration of entity and property names...

CVE-2024-1223

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

CVE-2024-1223

CVE-2024-1223 concerns PaperCut NG/MF. The vulnerability enables unauthorized enumeration of information via the device’s APIs when an attacker already knows a combination of usernames, device names, and an internal system key, and the system is in a specific runtime state. This is described cons...

PT-2024-17496 · Papercut · Papercut Ng

Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid...

Unikrn: An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier

Vulnerability description not provided...

PT-2022-4020 · Jenkins · Jenkins Compuware Source Code Download For Endevor +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware...

CVE-2020-10866

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC...