Monthly
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
Saleor e-commerce platform versions 2.10.0 through 3.23.0a2 leak user email addresses via error messages in the requestEmailChange() GraphQL mutation, allowing authenticated attackers to enumerate valid email addresses in the system. The vulnerability affects multiple version branches and is resolved in patched versions 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. CVSS 5.3 reflects low confidentiality impact with authentication requirement.
Sage DPW 2025_06_004 and earlier versions enable username enumeration through differential login responses, allowing remote attackers to discover valid user accounts without authentication. The vulnerability affects all versions before 2021_06_000, though on-premise administrators in newer versions can disable this behavior through configuration options.
ESET Protect (on-premises) allows user enumeration through response timing analysis, enabling remote attackers to determine whether specific usernames exist in the system without authentication. This information disclosure vulnerability (CWE-204) exploits timing differences in authentication responses to distinguish valid users from invalid ones, potentially facilitating targeted attacks against known accounts.
WWBN AVideo versions up to and including 26.0 contain an information disclosure vulnerability in the password recovery endpoint (objects/userRecoverPass.php) that allows unauthenticated attackers to enumerate valid usernames and determine account status (active, inactive, or banned) without solving any captcha. The vulnerability exists because user existence and account status validation occurs before captcha verification, enabling attackers to distinguish three different JSON error responses at scale. No evidence of active exploitation in the wild has been reported, but a patch is available in commit e42f54123b460fd1b2ee01f2ce3d4a386e88d157.
MinIO AIStor's Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint contains two combined vulnerabilities that enable LDAP credential brute-forcing: distinguishable error messages allowing username enumeration (CWE-204) and missing rate limiting (CWE-307). All MinIO deployments through the final open-source release with LDAP authentication enabled are affected. Unauthenticated network attackers can enumerate valid LDAP usernames, perform unlimited password guessing attacks, and obtain temporary AWS-style STS credentials granting full access to victim users' S3 buckets and objects.
Email verification resend endpoints in the Pages and legacy PublicAPI routes leak information about valid usernames through distinguishable responses, enabling unauthenticated attackers to enumerate active accounts. The default `emailVerifySuccessOnInvalidEmail` configuration option, which mitigates this issue, was not applied to these specific routes. A patch is available that extends the protection to both routes.
A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Raytha CMS contains a user enumeration vulnerability in its password reset functionality where differing error messages reveal whether a login exists in the system, enabling attackers to build valid user lists for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.
IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable response discrepancies in authentication mechanisms. An unauthenticated remote attacker can exploit this to enumerate valid usernames through response analysis, enabling reconnaissance for subsequent targeted attacks. With a CVSS score of 5.3 and low attack complexity, this is a low-to-moderate severity information disclosure issue suitable for standard patch management cycles rather than emergency response.
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
Saleor e-commerce platform versions 2.10.0 through 3.23.0a2 leak user email addresses via error messages in the requestEmailChange() GraphQL mutation, allowing authenticated attackers to enumerate valid email addresses in the system. The vulnerability affects multiple version branches and is resolved in patched versions 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. CVSS 5.3 reflects low confidentiality impact with authentication requirement.
Sage DPW 2025_06_004 and earlier versions enable username enumeration through differential login responses, allowing remote attackers to discover valid user accounts without authentication. The vulnerability affects all versions before 2021_06_000, though on-premise administrators in newer versions can disable this behavior through configuration options.
ESET Protect (on-premises) allows user enumeration through response timing analysis, enabling remote attackers to determine whether specific usernames exist in the system without authentication. This information disclosure vulnerability (CWE-204) exploits timing differences in authentication responses to distinguish valid users from invalid ones, potentially facilitating targeted attacks against known accounts.
WWBN AVideo versions up to and including 26.0 contain an information disclosure vulnerability in the password recovery endpoint (objects/userRecoverPass.php) that allows unauthenticated attackers to enumerate valid usernames and determine account status (active, inactive, or banned) without solving any captcha. The vulnerability exists because user existence and account status validation occurs before captcha verification, enabling attackers to distinguish three different JSON error responses at scale. No evidence of active exploitation in the wild has been reported, but a patch is available in commit e42f54123b460fd1b2ee01f2ce3d4a386e88d157.
MinIO AIStor's Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint contains two combined vulnerabilities that enable LDAP credential brute-forcing: distinguishable error messages allowing username enumeration (CWE-204) and missing rate limiting (CWE-307). All MinIO deployments through the final open-source release with LDAP authentication enabled are affected. Unauthenticated network attackers can enumerate valid LDAP usernames, perform unlimited password guessing attacks, and obtain temporary AWS-style STS credentials granting full access to victim users' S3 buckets and objects.
Email verification resend endpoints in the Pages and legacy PublicAPI routes leak information about valid usernames through distinguishable responses, enabling unauthenticated attackers to enumerate active accounts. The default `emailVerifySuccessOnInvalidEmail` configuration option, which mitigates this issue, was not applied to these specific routes. A patch is available that extends the protection to both routes.
A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Raytha CMS contains a user enumeration vulnerability in its password reset functionality where differing error messages reveal whether a login exists in the system, enabling attackers to build valid user lists for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.
IBM Aspera Console versions 3.3.0 through 3.4.8 contain a username enumeration vulnerability caused by observable response discrepancies in authentication mechanisms. An unauthenticated remote attacker can exploit this to enumerate valid usernames through response analysis, enabling reconnaissance for subsequent targeted attacks. With a CVSS score of 5.3 and low attack complexity, this is a low-to-moderate severity information disclosure issue suitable for standard patch management cycles rather than emergency response.