
178 matches found

NVD
added 3 days ago, 9 views

CVE-2026-40995

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts). Affected versions: Spring Web...

CVSS 5.4, EPSS 0.00018
Exploits: 0, References: 1

Positive Technologies
added 3 days ago, 8 views

PT-2026-48618

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts). Affected versions: Spring Web...

CVSS 5.4, AI score 5.5, EPSS 0.00018
Exploits: 0, References: 2

Cvelist
added 2026/06/05 5:49 p.m., 23 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8, EPSS 0.00203
Exploits: 0, References: 3

RedhatCVE
added 2026/04/25 10:43 a.m., 1 view

CVE-2026-22746

A flaw was found in Spring Security. If an application uses the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, an attacker can bypass the DaoAuthenticationProvider's timing attack defense. This bypass allows an attacker to potentially gain limited information...

CVSS 3.7, AI score 5.2, EPSS 0.00067
Exploits: 0, References: 4

EUVD
added 2026/04/22 6:30 a.m., 1 view

EUVD-2026-24607

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

CVSS 3.7, AI score 5.7, EPSS 0.00067
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/22 5:2 a.m., 1 view

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

CVSS 3.7, AI score 5.7, EPSS 0.00067
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/04/22 12:0 a.m., 3 views

PT-2026-34250

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

CVSS 3.7, AI score 5.7, EPSS 0.00067
Exploits: 0, References: 4

Positive Technologies
added 2026/03/19 12:0 a.m., 5 views

PT-2026-26446

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. As...

CVSS 6.5, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 3

OSV
added 2026/02/11 9:16 p.m., 4 views

CVE-2020-37173

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

CVSS 7.5, AI score 5.5
Exploits: 0, References: 4

CNNVD
added 2026/02/11 12:0 a.m., 5 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Version 8.1 of WWBN AVideo contains a security vulnerability. This vulnerability stems from information leakage, and it could allow attackers to enumerate user details through the playlistsFromUser.json.ph...

CVSS 8.7, AI score 5.8, EPSS 0.00172
Exploits: 1, References: 4

OSV
added 2026/01/26 2:49 p.m., 7 views

BIT-MOODLE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...

CVSS 4.3, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 9:35 a.m., 5 views

CVE-2024-34991

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date / postal address / email / etc.) without restriction due to a lack of permissions control...

CVSS 7.5, AI score 6.5, EPSS 0.0027
Exploits: 0, References: 1

Positive Technologies
added 2025/10/30 12:0 a.m., 2 views

PT-2025-44427

Name of the Vulnerable Software and Affected Versions: Kanova versions 1.0.27. Description: The Kanova Android App has issues with how access is controlled. An attacker could manipulate parameters in requests to the application's API and gain unauthorized access to user details and group information...

CVSS 7.5, AI score 6.6, EPSS 0.00055
Exploits: 0, References: 3

CNNVD
added 2025/10/30 12:0 a.m., 3 views

Kanova Android App Security Vulnerability

Kanova Android App is a social group application by Kanova. A security vulnerability exists in Kanova Android App version 1.0.27, which stems from improper access control and could lead to unauthorized access to user details and obtain group information...

CVSS 7.5, AI score 6.6, EPSS 0.00055
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-0297

Malware in sbrugna...

CVSS 5.4, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-13535

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00747
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-6008

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00063
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-6085

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00204
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0066

Malware in sbrugna...

CVSS 5.4, AI score 5.4, EPSS 0.00372
Exploits: 1, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-24743

Malware in sbrugna...

CVSS 5, AI score 5.4, EPSS 0.00125
Exploits: 0, References: 2