73 matches found
CVE-2025-31941
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927
CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...
CVE-2025-31941
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2024-54772
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...
CVE-2024-54772
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...
UoW Pop2d Remote File Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UoW pop2d Remote File Retrieval Vulnerability', 'Description' = %q This module exploits a vulnerability in the FOLD command of the University of...
PT-2024-19425 · Hitachi Energy · Asset Suite Eam +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a REST service authentication anomaly where a "valid username/no password" credential combination allows for successful service...
ZenML Security Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML versions prior to 0.46.7, which stems from the /api/v1/users/usernameorid/activate REST API endpoint allowing access based on a valid...
CVE-2023-4097
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username...
CVE-2023-34344 A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure...
CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...
CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...
Observable Response Discrepancy
vantage6server is vulnerable to Observable Response Discrepancy. The vulnerability exists because the login requirement is not properly implemented which allows an attacker to brute force password and observe a valid username response...
SUSE CVE-2014-9043
The userldap aka LDAP user and group backend application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
MELAG FTP Server Authentication Error Vulnerability
MELAG FTP Server is an FTP server from the German company MELAG. version 2.2.0.4 of MELAG FTP Server is vulnerable to an authentication error, which stems from incomplete authentication checks. A remote attacker could exploit the vulnerability to access local files with a valid username...
CVE-2021-41638
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...
CVE-2021-41638
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...