Wind River Support Network


The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release
CVE-2024-0435 | User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance. | -- | Feb 26, 2024 | n/a
CVE-2021-31986 | User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | MEDIUM | Oct 6, 2021 | n/a
CVE-2021-33580 | User controlled `request.getHeader(Referer)`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2. | MEDIUM | Aug 18, 2021 | n/a
CVE-2020-11242 | User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile | HIGH | Apr 7, 2021 | n/a
CVE-2020-27781 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even admin users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. | LOW | Dec 19, 2020 | n/a
CVE-2021-35050 | User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | MEDIUM | Jun 25, 2021 | n/a
CVE-2020-13265 | User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | MEDIUM | Jun 20, 2020 | n/a
CVE-2024-25651 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint. | -- | Mar 14, 2024 | n/a
CVE-2023-22359 | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | -- | Jun 26, 2023 | n/a
CVE-2018-18390 | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | MEDIUM | Oct 19, 2018 | n/a
CVE-2018-13361 | User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the modgroup parameter. | MEDIUM | Nov 27, 2018 | n/a
CVE-2023-33562 | User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 1, 2023 | n/a
CVE-2023-36127 | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Oct 10, 2023 | n/a
CVE-2023-36135 | User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 4, 2023 | n/a
CVE-2023-36141 | User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 4, 2023 | n/a
CVE-2023-40767 | User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40766 | User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40764 | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40760 | User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40759 | User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40756 | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40758 | User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40765 | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40757 | User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40762 | User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40763 | User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2023-40761 | User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | -- | Aug 29, 2023 | n/a
CVE-2020-6371 | User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | MEDIUM | Oct 15, 2020 | n/a
CVE-2023-4095 | User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. | -- | Sep 19, 2023 | n/a
CVE-2024-1145 | User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response. | -- | Mar 19, 2024 | n/a
CVE-2024-26268 | User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time. | -- | Feb 20, 2024 | n/a
CVE-2023-3221 | User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database. | -- | Sep 5, 2023 | n/a
CVE-2020-28185 | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | MEDIUM | Dec 24, 2020 | n/a
CVE-2021-27783 | User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | MEDIUM | May 26, 2022 | n/a
CVE-2023-41703 | User ID references at mentions in document comments were not correctly sanitized. Script code could be injected into a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known. | -- | Feb 16, 2024 | n/a
CVE-2021-27774 | User input included in error response, which could be used in a phishing attack. | -- | Sep 24, 2022 | n/a
CVE-2020-7370 | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions. | MEDIUM | Oct 21, 2020 | n/a
CVE-2020-7371 | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. | MEDIUM | Oct 20, 2020 | n/a
CVE-2020-7369 | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020. | MEDIUM | Oct 21, 2020 | n/a
CVE-2020-7364 | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | MEDIUM | Oct 20, 2020 | n/a
CVE-2020-7363 | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | MEDIUM | Oct 20, 2020 | n/a
CVE-2022-45292 | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | -- | Dec 10, 2022 | n/a
CVE-2020-13276 | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | MEDIUM | Jun 20, 2020 | n/a
CVE-2019-2278 | User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660 | HIGH | Jul 29, 2019 | n/a
CVE-2022-27516 | User login brute force protection functionality bypass | -- | Nov 9, 2022 | n/a
CVE-2017-4017 | User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface. | MEDIUM | May 23, 2017 | n/a
CVE-2018-18391 | User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | MEDIUM | Oct 19, 2018 | n/a
CVE-2017-18169 | User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | MEDIUM | Jun 15, 2018 | n/a
CVE-2021-26886 | User Profile Service Denial of Service Vulnerability | LOW | Mar 13, 2021 | n/a
CVE-2023-33591 | User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. | -- | Jun 22, 2023 | n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.