Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56327

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-30 Jun, 2026 | 22:08
Updated At-01 Jul, 2026 | 13:19
Rejected At-
Credits

Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:30 Jun, 2026 | 22:08
Updated At:01 Jul, 2026 | 13:19
Rejected At:
▼CVE Numbering Authority (CNA)
Capgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.

Affected Products
Vendor
Capgo
Product
Capgo
Default Status
unaffected
Versions
Affected
  • From 0 before 12.128.2 (semver)
Unaffected
  • 12.128.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-203Observable Discrepancy
Type: CWE
CWE ID: CWE-203
Description: Observable Discrepancy
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Judel777
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
vendor-advisory
https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-existence-oracle-via-public-invite-user-to-org-rpc
third-party-advisory
Hyperlink: https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
Resource:
vendor-advisory
Hyperlink: https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-existence-oracle-via-public-invite-user-to-org-rpc
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
exploit
Hyperlink: https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:30 Jun, 2026 | 23:17
Updated At:01 Jul, 2026 | 14:16

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-203Secondarydisclosure@vulncheck.com
CWE ID: CWE-203
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6mdisclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-existence-oracle-via-public-invite-user-to-org-rpcdisclosure@vulncheck.com
N/A
https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-existence-oracle-via-public-invite-user-to-org-rpc
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

198Records found

CVE-2026-56311
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.27% / 17.90%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-23 Jun, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information including MAU, bandwidth, storage, and build time limits for any organization.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-285
Improper Authorization
CVE-2026-56318
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.43%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages, allowing confirmation of organization existence.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56282
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 14.84%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated /replication Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56218
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.61%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-23 Jun, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56337
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.44%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 11:53
Updated-25 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Information Disclosure via Unauthenticated RPC Function exist_app_v2

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app_ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-56321
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.32% / 24.08%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 21:04
Updated-23 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint

Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware layer. The handler still performs its own authorization check and returns Unauthorized, so no direct data exposure occurs; the flaw is inconsistent authentication enforcement across HTTP methods that could enable authorization bypass if the handler logic changes.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-56331
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.17%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String

Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers can trigger this vulnerability using only the public key by submitting malformed magic_invite_string values to cause server errors and leak internal processing details.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2026-56234
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 15.84%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-23 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate limiting, enabling attackers to perform password spraying and credential stuffing attacks to compromise user accounts.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-56319
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.50%
||
7 Day CHG~0.00%
Published-20 Jun, 2026 | 15:24
Updated-22 Jun, 2026 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - App Existence Oracle via GET /statistics/app/:app_id

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by observing 500 PGRST116 errors for inaccessible apps versus 401 errors for nonexistent apps, breaking tenant isolation.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-4302
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 53.56%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 07:37
Updated-23 Jan, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stop User Enumeration < 1.7.3 - Protection Bypass

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.

Action-Not Available
Vendor-fullworkspluginsUnknown
Product-stop_user_enumerationStop User Enumeration
CWE ID-CWE-203
Observable Discrepancy
CVE-2026-56316
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 15.19%
||
7 Day CHG~0.00%
Published-21 Jun, 2026 | 13:26
Updated-24 Jun, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic for resource consumption.

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-43623
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.62%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-18 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-mendixSiemens AG
Product-forgot_passwordMendix Forgot Password (Mendix 8 compatible)Mendix Forgot Password (Mendix 10 compatible)Mendix Forgot Password (Mendix 9 compatible)Mendix Forgot Password (Mendix 7 compatible)
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-19805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.99% / 58.30%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 17:05
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Action-Not Available
Vendor-mfscriptsn/a
Product-yetisharen/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2026-47379
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.54%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 20:17
Updated-24 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

Action-Not Available
Vendor-nocodb
Product-nocodb
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-3939
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.50%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 12:33
Updated-04 Jun, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Observable Response Discrepancy

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Action-Not Available
Vendor-tridiumTridiumMicrosoft CorporationBlackBerry LimitedLinux Kernel Organization, Inc
Product-niagara_enterprise_securityqnxwindowslinux_kernelniagaraNiagara FrameworkNiagara Enterprise Security
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2026-45410
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 10.61%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 21:23
Updated-29 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-based user enumeration in TREK authentication endpoint

TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before returning a 401 Unauthorized, adding ~370 ms of latency. When the email did not exist, the backend returned immediately (~10 ms). This ~14× timing difference could be detected without any difference in HTTP status codes or response bodies. This vulnerability is fixed in 3.0.18.

Action-Not Available
Vendor-mauriceboe
Product-TREK
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2026-45294
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 11.31%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 19:52
Updated-02 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeScout: User Account Enumeration via Password Reset Response Differentiation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.

Action-Not Available
Vendor-freescout-help-desk
Product-freescout
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2019-18886
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 72.10%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 17:41
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

Action-Not Available
Vendor-sensiolabsn/a
Product-symfonyn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-16516
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-19.10% / 96.97%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 17:24
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.

Action-Not Available
Vendor-connectwisen/a
Product-controln/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-16394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.54% / 93.77%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 20:47
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.

Action-Not Available
Vendor-spipn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxspipn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-30344
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.46%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 00:00
Updated-27 Mar, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).

Action-Not Available
Vendor-openslidesIntevation
Product-openslidesOpenSlides
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2023-4095
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.58%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 13:22
Updated-25 Sep, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User enumeration vulnerability in Fujitsu Arconte Áurea

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.

Action-Not Available
Vendor-FujitsuFujitsu Limited
Product-arconte_aureaArconte Áurea
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-27451
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.30%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 11:27
Updated-06 Feb, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-27451

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

Action-Not Available
Vendor-endressEndress+Hauser
Product-meac300-fnade4meac300-fnade4_firmwareEndress+Hauser MEAC300-FNADE4
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2022-24043
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.99% / 58.22%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:46
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.

Action-Not Available
Vendor-Siemens AG
Product-desigo_dxr2desigo_pxc3_firmwaredesigo_pxc4desigo_dxr2_firmwaredesigo_pxc5_firmwaredesigo_pxc4_firmwaredesigo_pxc3desigo_pxc5Desigo PXC5Desigo PXC3Desigo DXR2Desigo PXC4
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-56423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.97%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 00:00
Updated-28 Nov, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages

Action-Not Available
Vendor-crawsn/a
Product-openatlasn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-24391
Matching Score-4
Assigner-OTRS AG
ShareView Details
Matching Score-4
Assigner-OTRS AG
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 14.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 08:15
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible user enumeration

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.X

Action-Not Available
Vendor-OTRS AG
Product-OTRS
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20752
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.87% / 54.38%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 20:30
Updated-01 Nov, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Products Timing Attack Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerunity_connectionCisco Unified Communications Manager
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-20940
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 46.46%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:38
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-1989
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 49.36%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 09:55
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Visualization vulnerable to user enumeration

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

Action-Not Available
Vendor-CODESYS GmbH
Product-visualizationCODESYS Visualization
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-0569
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.35%
||
7 Day CHG~0.00%
Published-12 Feb, 2022 | 23:55
Updated-24 Feb, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Observable Discrepancy in snipe/snipe-it

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

Action-Not Available
Vendor-snipeitappsnipe
Product-snipe-itsnipe/snipe-it
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-52576
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.63%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 16:46
Updated-22 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue.

Action-Not Available
Vendor-kanboardkanboard
Product-kanboardkanboard
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-0564
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-5.3||MEDIUM
EPSS-1.36% / 68.26%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 00:00
Updated-25 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qlik Sense Enterprise Domain User enumeration

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/ the response time of the form is longer if the supplied user does not exists and shorter if the user exists.

Action-Not Available
Vendor-qlikQlik SenseMicrosoft Corporation
Product-windowsqlik_senseQlik Sense Enterprise on Windows
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2021-45901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-14.32% / 96.17%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 13:59
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.

Action-Not Available
Vendor-n/aServiceNow, Inc.
Product-servicenown/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-46876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.

Action-Not Available
Vendor-ibexan/a
Product-ez_platform_kerneln/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-45925
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.42%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Username Enumeration

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-44554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 59.46%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 08:31
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt.

Action-Not Available
Vendor-cybelesoftn/a
Product-thinfinity_virtualuin/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-44876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 51.75%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 16:20
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-dalmarkn/a
Product-systeam_enterprise_resource_planningn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-24011
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.45% / 70.18%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 15:27
Updated-20 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Umbraco A/S (Umbraco)
Product-umbraco_cmsUmbraco-CMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-44875
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 51.75%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 16:20
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-dalmarkn/a
Product-systeam_enterprise_resource_planningn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-38871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 46.01%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

Action-Not Available
Vendor-economizzern/a
Product-economizzern/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-39522
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.97%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 17:23
Updated-01 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Username enumeration attack in goauthentik

goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-goauthentikgoauthentik
Product-authentikauthentik
CWE ID-CWE-203
Observable Discrepancy
CVE-2014-4156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.20% / 64.42%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 14:13
Updated-06 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability

Action-Not Available
Vendor-proxmoxn/a
Product-virtual_environmentn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-38327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 00:00
Updated-11 Sep, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.

Action-Not Available
Vendor-egroupwaren/a
Product-egroupwaren/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2025-1396
Matching Score-4
Assigner-WSO2 LLC
ShareView Details
Matching Score-4
Assigner-WSO2 LLC
CVSS Score-3.7||LOW
EPSS-0.23% / 14.18%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 07:52
Updated-06 Oct, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validate_username setting. This behavior allows malicious actors to determine which usernames exist in the system based on observable discrepancies in the application's responses. Exploitation of this vulnerability could aid in brute-force attacks, targeted phishing campaigns, or other social engineering techniques by confirming the validity of user identifiers within the system.

Action-Not Available
Vendor-WSO2 LLC
Product-open_banking_iamidentity_server_as_key_manageridentity_serverWSO2 Identity ServerWSO2 Open Banking IAMWSO2 Identity Server as Key Manager
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-3462
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 44.99%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 22:40
Updated-21 Oct, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault's LDAP Auth Method Allows for User Enumeration

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-vaultVault EnterpriseVault
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-16669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.11% / 61.80%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 18:41
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

Action-Not Available
Vendor-pagekitn/a
Product-pagekitn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-35698
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 43.16%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 09:37
Updated-01 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.

Action-Not Available
Vendor-SICK AG
Product-icr890-4_firmwareicr890-4ICR890-4
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2026-33425
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.21% / 10.84%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:12
Updated-24 Mar, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the `exclude_groups` parameter. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable public access to the user directory via Admin → Settings → hide user profiles from public.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2019-15132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.03% / 78.65%
||
7 Day CHG~0.00%
Published-17 Aug, 2019 | 00:00
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Action-Not Available
Vendor-n/aDebian GNU/LinuxZABBIX
Product-zabbixdebian_linuxn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-33518
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 36.40%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.

Action-Not Available
Vendor-emoncmsn/a
Product-emoncmsn/a
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found