6 matches found
CVE-2025-15403
CVE-2025-15403 affects the RegistrationMagic WordPress plugin (versions
PT-2026-3341
Name of the Vulnerable Software and Affected Versions RegistrationMagic versions prior to 6.0.7.1 Description The RegistrationMagic plugin for WordPress is susceptible to a privilege escalation issue. The add menu function is accessible through the rm user exists AJAX action, allowing manipulatio...
Design/Logic Flaw
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...
CVE-2022-22700
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...
Code injection
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists...
Design/Logic Flaw
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...