Low
CVSS: 2.0
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing…
Low
CVSS: 3.7
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possib…
Medium
CVSS: 6.9
The public-facing product registration endpoint server responds
differently depending on whether the S/N is valid and unregistered,
valid but already registered, or does not exist in the database.
Combined with the fact that serial numbe…
Low
CVSS: 3.7
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fix…
Medium
CVSS: 5.3
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addres…
Medium
CVSS: 5.3
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.
High
CVSS: 7.5
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords…
Medium
CVSS: 6.9
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
High
CVSS: 8.7
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php
Medium
CVSS: 5.3
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abu…
Medium
CVSS: 5.3
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.
User Enumeration via Timing…
Low
CVSS: 2.0
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.
Affected are older Screen versions, as well as version 5.0.0.
Medium
CVSS: 4.3
CWE-203: Observable Discrepancy
Medium
CVSS: 5.3
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.
Medium
CVSS: 6.3
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
Medium
CVSS: 4.3
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration…
Medium
CVSS: 4.3
IBM InfoSphere Information Server 11.7
could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
High
CVSS: 7.5
An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.
Medium
CVSS: 5.8
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilit…
Low
CVSS: 3.7
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.