CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

PT-2026-28424

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.10 Mattermost versions 11.2.x through 11.2.2 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0 Description The application fails to enforce view restrictions when...

EUVD-2026-1885

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. Since user IDs are assigned sequentially and predictably e.g., 1 to 1000, an attacker can extract a complete list of all users’ fu...

EUVD-2017-7445

Malware in sbrugna...

silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. - Users that don't exist in will never get a locked out message - Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue...

silverstripe/framework member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. - Users that don't exist in will never get a locked out message - Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue...

CVE-2005-1133

The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server...