32 matches found
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
EUVD-2025-209168
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67806
CVE-2025-67806 affects the Sage DPW login mechanism. The Red Hat/NVD entries describe that, in versions before 2021_06_000, the system returns distinct responses for valid vs. invalid usernames, enabling account enumeration. In newer versions, on‑prem administrators can toggle this behavior. No furth...
PT-2026-25800
Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...
CVE-2024-34024
Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not...
EUVD-2020-28359
Malware in sbrugna...
EUVD-2004-1103
Malware in sbrugna...
EUVD-2022-35807
Malicious code in bioql PyPI...
Siemens Polarion security vulnerability
Siemens Polarion is a suite of application lifecycle management software from Siemens, Germany. The software supports end-to-end enterprise application development on a unified, modular, browser-based software environment. A security vulnerability exists in Siemens Polarion versions prior to V231...
A vulnerability in the Portainer container management platform, related to improper user management, allows an attacker to determine whether a username is valid or not.
A vulnerability in the Portainer container management platform is related to a difference in user authentication response time. Exploiting this vulnerability allows a remote attacker to determine whether a username is valid or not...
CVE-2024-34024
CVE-2024-34024 is a vulnerability in ID Link Manager and FUJITSU Software TIME CREATOR where an unauthenticated attacker can determine whether a username is valid due to an observable response discrepancy. Affected products/versions (per sources) include: ID Link Manager II ≤1.8, ID Link Manager ...
Oracle Linux 5 : openssh (ELSA-2007-0540)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0540 advisory. - fixed audit log injection problem CVE-2007-3102 248059 - fix an information leak in Kerberos password authentication CVE-2006-5052 234638 Tenable has...
jenkins: Observable timing discrepancy allows determining username validity
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
SUSE CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...
Observable timing discrepancy allows determining username validity in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This...
PT-2022-22041 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.355 and earlier, LTS versions 2.332.3 and earlier. Description: The issue is related to an observable timing discrepancy on the login form, which allows distinguishing between login attempts with an invalid username and logi...
CVE-2020-7231
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...
DEBIAN-CVE-2017-2659
It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...