Lucene search
K

11979 matches found

CVE
CVE
added 3 days ago19 views

CVE-2026-44332

Fiber’s Go-based web framework vulnerability CVE-2026-44332 affects the BasicAuth middleware’s default Authorizer prior to v3.3.0. The issue arises from short-circuit evaluation in the Authorizer: for non-existent usernames, the password hash check is skipped, enabling remote username enumeration...

5.3CVSS6AI score0.00516EPSS
Exploits0References4
CVE
CVE
added 4 days ago8 views

CVE-2026-55417

Chevereto (self-hosted media sharing) is affected in versions 3.7.5 up to before 4.5.4. The issue is that when a user enables private profile, the HTML route (/username) correctly returns 404, but the /json AJAX listing endpoint does not apply the same privacy check. An unauthenticated caller who...

6.9CVSS6AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55417 Chevereto private profile setting leaks username on /json endpoint

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2005 vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

5.3CVSS6.1AI score0.00394EPSS
Exploits0References7
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2008 vantage6 vulnerable to username timing attack

Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...

3.7CVSS5.9AI score0.00398EPSS
Exploits0References7
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2006 Defining resource name as integer may give unintended access in vantage6

Impact Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...

5.4CVSS6.1AI score0.00402EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
NVD
NVD
added 5 days ago6 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

9.8CVSS0.00668EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41919

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-14705

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
NVD
NVD
added last week11 views

CVE-2024-1248

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

5.3CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2024-1248

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00191EPSS
Exploits0References2Affected Software5
CVE
CVE
added last week15 views

CVE-2024-1248

The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...

5.3CVSS5.9AI score0.00191EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week7 views

EUVD-2024-55648

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added last week30 views

CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-41696

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
CVE
CVE
added last week16 views

CVE-2026-14648

The CVE details a SQL injection in code-projects Online Voting System (versions up to 0.x/1.0) via the Login component, affecting the function test_input in /authentication.php. By manipulating adminUserName/adminPassword arguments, an attacker can exploit the vulnerability remotely. The exploit ...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 6:15 p.m.8 views

EUVD-2026-41688

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55732

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An SQL injection issue exists in the Admin Login component within the /admin/login.php endpoint. The flaw allows remote attackers to manipulate the Username variable t...

7.5CVSS7.4AI score0.00412EPSS
Exploits0References11
Rows per page
Query Builder