36 matches found
Astra Linux - vulnerability in zabbix
The execution time for a failed login differs when using a non-existent username compared to using an existing one...
BIT-AUTHENTIK-2023-39522 Username enumeration attack in goauthentik
goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recover...
Timing Attack
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Timing Attack in the authentication process. An attacker can infer the...
GO-2026-4274 Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea...
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
CVE-2025-69413
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
CVE-2025-69413
Summary: Gitea before 1.25.2 exposes a behavioral difference in the /api/v1/user endpoint for failed authentication based on whether the username exists, as described for CVE-2025-69413. Affected software/component: Gitea prior to version 1.25.2; endpoint: /api/v1/user. Root cause / behavior: The...
PT-2026-1000
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.2 Description Gitea versions before 1.25.2 are affected by an issue where the /api/v1/user endpoint provides differing responses for authentication failures based on the existence of a username. Specifically, the...
EUVD-2024-54412
Malicious code in bioql PyPI...
EUVD-2025-11088
Malicious code in bioql PyPI...
CVE-2025-56764
Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a username exists or not by returning different error messages "Unknown user" vs. "Wrong password", allowing an attacker to enumerate valid usernames...
PT-2025-39869
Name of the Vulnerable Software and Affected Versions Trivision NC-227WF firmware version 5.80 build 20141010 Description The login mechanism in the software allows an attacker to determine if a username is valid by observing different error messages. Specifically, an “Unknown user” message...
Linux Distros Unpatched Vulnerability : CVE-2022-32741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Attacker is able to determine if the provided username exists and is valid using Request New Password feature, based on the response time. CVE-2022-32741 Note...
Observable Response Discrepancy
Overview Affected versions of this package are vulnerable to Observable Response Discrepancy via the login process. An attacker can determine whether specific usernames exist by measuring response times during authentication attempts. Remediation Upgrade mautic/core-lib to version 5.2.8, 6.0.5 or...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via pathLogin. An attacker can determine whether a username exists by measuring response times. Remediation Upgrade github.com/hashicorp/vault/builtin/credential/userpass to version 1.20.1 or higher. References - GitHub...
CVE-2024-11084
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists...