73 matches found

RedhatCVE
added 2025/04/17 9:38 p.m. · 14 views

CVE-2025-31941

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVSS 6.9 · AI score 7.1 · EPSS 0.0025
Exploits: 0 · References: 3

OSV
added 2025/04/15 10:15 p.m. · 3 views

CVE-2025-27927

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVSS 6.9 · AI score 5.8 · EPSS 0.0025
Exploits: 0 · References: 1

CVE
added 2025/04/15 9:43 p.m. · 54 views

CVE-2025-27927

CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...

CVSS 6.9 · AI score 5.4 · EPSS 0.0025
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-31941

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVSS 6.9 · AI score 5.8 · EPSS 0.0025
Exploits: 0 · References: 1

Cvelist
added 2025/04/15 8:28 p.m. · 38 views

CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVSS 6.9 · EPSS 0.0025
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/11 12:0 a.m. · 14 views

CVE-2024-54772

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...

AI score 5.5 · EPSS 0.00732
Exploits: 2 · References: 1

Cvelist
added 2025/02/11 12:0 a.m. · 43 views

CVE-2024-54772

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...

EPSS 0.00732
Exploits: 2 · References: 1

Packet Storm
added 2024/08/31 12:0 a.m. · 135 views

UoW Pop2d Remote File Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UoW pop2d Remote File Retrieval Vulnerability', 'Description' = %q This module exploits a vulnerability in the FOLD command of the University of...

AI score 7.4
Exploits: 0

Positive Technologies
added 2024/03/26 12:0 a.m. · 6 views

PT-2024-19425 · Hitachi Energy · Asset Suite Eam +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a REST service authentication anomaly where a "valid username/no password" credential combination allows for successful service...

CVSS 5.3 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 4

CNNVD
added 2024/02/27 12:0 a.m. · 4 views

ZenML Security Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML versions prior to 0.46.7, which stems from the /api/v1/users/usernameorid/activate REST API endpoint allowing access based on a valid...

CVSS 8.8 · AI score 6.9 · EPSS 0.70581
Exploits: 1 · References: 6

OSV
added 2023/10/03 11:15 a.m. · 4 views

CVE-2023-4097

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username...

CVSS 8.8 · AI score 5.8 · EPSS 0.00541
Exploits: 0 · References: 1

Cvelist
added 2023/06/12 4:54 p.m. · 16 views

CVE-2023-34344 A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure...

CVSS 5.3 · AI score 5.4 · EPSS 0.0045
Exploits: 0 · References: 1

NVD
added 2023/04/24 8:15 a.m. · 34 views

CVE-2023-30458

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...

CVSS 5.3 · AI score 5.2 · EPSS 0.00836
Exploits: 1 · References: 3

Cvelist
added 2023/04/24 12:0 a.m. · 40 views

CVE-2023-30458

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...

AI score 5.5 · EPSS 0.00836
Exploits: 1 · References: 3

Veracode
added 2023/03/08 7:32 a.m. · 13 views

Observable Response Discrepancy

vantage6server is vulnerable to Observable Response Discrepancy. The vulnerability exists because the login requirement is not properly implemented which allows an attacker to brute force password and observe a valid username response...

CVSS 6.5 · AI score 6.3 · EPSS 0.00591
Exploits: 0 · References: 4 · Affected Software: 1

SUSE CVE
added 2023/02/15 5:25 a.m. · 3 views

SUSE CVE-2014-9043

The userldap aka LDAP user and group backend application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...

CVSS 5 · AI score 7.4 · EPSS 0.01859
Exploits: 0 · References: 2

CNVD
added 2022/06/28 12:0 a.m. · 17 views

MELAG FTP Server Authentication Error Vulnerability

MELAG FTP Server is an FTP server from the German company MELAG. Version 2.2.0.4 of MELAG FTP Server is vulnerable to an authentication error, which stems from incomplete authentication checks. A remote attacker could exploit the vulnerability to access local files with a valid username...

CVSS 7.5 · AI score 3.9 · EPSS 0.01577
Exploits: 1 · References: 1

OSV
added 2022/06/24 12:15 p.m. · 6 views

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...

CVSS 7.5 · AI score 7.1 · EPSS 0.01577
Exploits: 1 · References: 1

ATTACKERKB
added 2022/06/24 12:15 p.m. · 3 views

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...

CVSS 7.5 · AI score 7.2 · EPSS 0.01577
Exploits: 1 · References: 2

ATTACKERKB
added 2022/06/23 5:15 p.m. · 5 views

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVSS 7.5 · AI score 6.8 · EPSS 0.01221
Exploits: 0 · References: 2