Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55274

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Description The default Authorizer function in the BasicAuth middleware, located in middleware/basicauth/config.go, uses short-circuit evaluation when validating credentials. If a username does not exist, the syst...

5.3CVSS6AI score0.00516EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/06/25 5:46 p.m.33 views

CVE-2026-54089 File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS0.00337EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 4:3 p.m.11 views

GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:3 p.m.14 views

NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

6.3CVSS5.5AI score0.00197EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-46998

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description A timing difference exists in the sign-in response when using known versus unknown email addresses. This occurs because the unknown-user branch in the auth.service.ts file returns a response witho...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References7
OSV
OSV
added 2026/05/14 11:56 a.m.9 views

BIT-TOMCAT-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any...

9.8CVSS5.7AI score0.01233EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/12 3:24 p.m.12 views

CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

5.7AI score0.01233EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 3:24 p.m.124 views

CVE-2026-43512

CVE-2026-43512 describes an authentication bypass in the Digest authenticator of Apache Tomcat. Affected are Tomcat 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, 8.5.0 to 8.5.100, and older/pre-7.0.0 versions. The issue is fixed in Tomcat 11.0.22, 10.1.55, and 9.0.118. Multiple...

9.8CVSS5.8AI score0.01233EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/10/06 7:15 a.m.5 views

CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS0.0034EPSS
Exploits0References6
OSV
OSV
added 2025/08/22 4:50 p.m.4 views

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

5.3CVSS6.7AI score0.0035EPSS
Exploits0References8
Circl
Circl
added 2025/04/28 3:10 p.m.8 views

CVE-2022-37301

creationtimestamp| type| source ---|---|--- 2025-04-28 15:10:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13689...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/12/27 11:38 a.m.27 views

CVE-2019-19232

It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restricti...

7.5CVSS3.7AI score0.03295EPSS
Exploits0References4
OSV
OSV
added 2008/12/17 5:30 p.m.3 views

DEBIAN-CVE-2008-5558

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service crash via authentication attempts involving 1 an unknown user or 2 a user using hostname matching...

4.3CVSS7AI score0.01959EPSS
Exploits0References1
Rows per page
Query Builder