13 matches found
PT-2026-55274
Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Description The default Authorizer function in the BasicAuth middleware, located in middleware/basicauth/config.go, uses short-circuit evaluation when validating credentials. If a username does not exist, the syst...
CVE-2026-54089 File Browser: Authentication Bypass via Proxy Auth Header Forgery
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...
GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing
Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...
NocoDB: User Enumeration via Sign-In Timing
Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...
PT-2026-46998
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A timing difference exists in the sign-in response when using known versus unknown email addresses. This occurs because the unknown-user branch in the auth.service.ts file returns a response witho...
BIT-TOMCAT-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any...
CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...
CVE-2026-43512
CVE-2026-43512 describes an authentication bypass in the Digest authenticator of Apache Tomcat. Affected are Tomcat 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, 8.5.0 to 8.5.100, and older/pre-7.0.0 versions. The issue is fixed in Tomcat 11.0.22, 10.1.55, and 9.0.118. Multiple...
CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...
CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...
CVE-2022-37301
creationtimestamp| type| source ---|---|--- 2025-04-28 15:10:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13689...
CVE-2019-19232
It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restricti...
DEBIAN-CVE-2008-5558
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service crash via authentication attempts involving 1 an unknown user or 2 a user using hostname matching...