Lucene search
K

3088 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.53 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-40954

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and...

7.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 7 hours ago3 views

CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

8.1CVSS
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-10750

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

8.1CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago32 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS5.8AI score0.0203EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago10 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS5.8AI score0.00648EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago9 views

NocoDB - User Enumeration

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3. id: CVE-2026-28358 info: name: NocoDB -...

6.9CVSS5.7AI score0.00601EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago12 views

Piwigo - User Enumeration via Password Reset

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at...

6.9CVSS5.8AI score0.00766EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago11 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS5.8AI score0.00635EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago29 views

iTop - User Enumeration via REST Endpoint

From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is doresetpwd, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided. id: CVE-2024-51739 info: name: iTop - User...

7.5CVSS7.2AI score0.01259EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday30 views

Thinfinity VirtualUI User Enumeration

Thinfinity VirtualUI before v3.0, /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users Administrator, Guest, etc. id: CVE-2021-44848 info: name: Thinfinity VirtualUI User Enumeration author: danielmofer severity: medium...

5.3CVSS6AI score0.23141EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago24 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS5.8AI score0.00847EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago16 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS6.3AI score0.20196EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago40 views

TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

5.3CVSS6.1AI score0.18066EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago35 views

Jira - Incorrect Authorization

Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. id: CVE-2019-3403...

5.3CVSS6.3AI score0.52637EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago23 views

CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago6 views

CVE-2026-44731

OpenProject contains an input leakage in the web application’s meetings filter feature that lets an attacker determine whether a user ID is valid and view the user’s full name, enabling enumeration of existing accounts. The issue occurs before versions 17.3.2 and 17.4.0 and is resolved by upgradi...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-52900

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description The meetings filter feature in the web application allows an attacker to enumerate existing user accounts by probing user IDs and observing differences in...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References5
CVE
CVE
added 2026/06/23 8:33 p.m.17 views

CVE-2026-47380

CVE-2026-47380 affects NocoDB. The vulnerability stems from an unknown-user sign-in path in auth.service.ts where the unknown-user branch returned without a password hash check, causing timing differences between known and unknown emails. This could enable network-positioned attackers to enumerat...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder