Lucene search
+L

142 matches found

redhatcve
redhatcve
added 2026/01/09 9:18 a.m.5 views

CVE-2025-23214

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...

6.9CVSS7AI score0.00608EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/03 2:2 p.m.5 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.9AI score0.00218EPSS
Exploits0References1
euvd
euvd
added 2025/12/02 3:30 p.m.7 views

EUVD-2025-200225

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.4AI score0.00218EPSS
Exploits0References2
osv
osv
added 2025/12/02 2:16 p.m.8 views

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
osv
osv
added 2025/12/02 1:15 p.m.6 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References1
nvd
nvd
added 2025/12/02 1:15 p.m.5 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/02 1:12 p.m.2 views

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/02 1:12 p.m.11 views

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
cve
cve
added 2025/12/02 1:12 p.m.20 views

CVE-2025-41012

The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2025/12/02 12:0 a.m.6 views

TCMAN GIM 信息泄露漏洞

TCMAN GIM is a management system from the Spanish company TCMAN. An information disclosure vulnerability exists in TCMAN GIM version v11 20250304, which originates from an unauthenticated attacker being able to determine if a user exists via the pda:username parameter...

7.5CVSS6.2AI score0.00266EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/02 12:0 a.m.5 views

TCMAN GIM 安全漏洞

TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11 20250304, which originates from unauthorized access and may result in determining the existence of a user...

8.7CVSS6.6AI score0.00218EPSS
Exploits0References1
snyk
snyk
added 2025/10/17 5:58 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of user accounts by analyzing differences in error messages presented during authentication attempts. Remediation Upgrade ibexa/user to version 5.0.3 or...

6.9CVSS7AI score
Exploits0References2
github
github
added 2025/10/17 5:58 p.m.8 views

ibexa/user login enumerates user accounts

Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious. Patches See "Patched versions". Workarounds None. Resources...

6.6AI score
Exploits0References3Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0798

Malware in sbrugna...

5CVSS6.4AI score0.01388EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3451

Malicious code in bioql PyPI...

5CVSS6.2AI score0.02952EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-27843

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.01098EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-49324

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00427EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2024-36383

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00354EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1404

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01011EPSS
Exploits1References6
snyk
snyk
added 2025/08/21 6:31 p.m.3 views

Timing Attack

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server...

6.9CVSS7.2AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder