Total: 134 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36510 | 1 Fortinet | 2 Forticlientems, Fortisoar | 2026-06-17 | N/A | 5.3 MEDIUM |
| An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | |||||
| CVE-2024-35114 | 1 Ibm | 1 Control Center | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | |||||
| CVE-2024-34336 | 1 Ordat | 1 Ordat.erp | 2026-06-17 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | |||||
| CVE-2024-33856 | 1 Logpoint | 1 Siem | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | |||||
| CVE-2024-31870 | 1 Ibm | 1 I | 2026-06-17 | N/A | 3.3 LOW |
| IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies a user defined table function that is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | |||||
| CVE-2024-2482 | 1 Surya2developer | 1 Hostel Management System | 2026-06-17 | 2.6 LOW | 3.7 LOW |
| A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891. | |||||
| CVE-2024-28868 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | 3.7 LOW |
| Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins. | |||||
| CVE-2024-24766 | 1 Icewhale | 1 Casaos-userservice | 2026-06-17 | N/A | 6.2 MEDIUM |
| CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the CasaOS login page was vulnerable to username enumeration. An attacker can enumerate the CasaOS username using the application response. If the username is incorrect, the application gives the error `User does not exist`. If the password is incorrect, the application gives the error `Invalid password`. Version 0.4.7 fixes this issue. | |||||
| CVE-2024-1145 | 1 Alma | 1 Alma Blog | 2026-06-17 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response. | |||||
| CVE-2024-13198 | 1 Mtons | 1 Mblog | 2026-06-17 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13028 | 1 Antabot | 1 White-jotter | 2026-06-17 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12663 | | | 2026-06-17 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-0391 | 1 Wso2 | 3 Identity Server, Identity Server As Key Manager, Open Banking Iam | 2026-06-17 | N/A | 5.3 MEDIUM |
| The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences. | |||||
| CVE-2023-50306 | 1 Ibm | 1 Common Licensing | 2026-06-17 | N/A | 4.0 MEDIUM |
| IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. | |||||
| CVE-2023-49069 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. | |||||
| CVE-2023-47159 | 1 Ibm | 1 Sterling File Gateway | 2026-06-17 | N/A | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | |||||
| CVE-2023-46170 | 1 Ibm | 2 Ds8900f, Ds8900f Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names. | |||||
| CVE-2023-40179 | 1 Silverwaregames | 1 Silverwaregames | 2026-06-17 | N/A | 5.3 MEDIUM |
| Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email. | |||||
| CVE-2023-39343 | 1 Sulu | 1 Sulu | 2026-06-17 | N/A | 4.3 MEDIUM |
| Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system, and previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10. | |||||
| CVE-2023-38362 | 1 Ibm | 1 Cics Tx | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814. | |||||
