CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked 53,219 with exploits 4,686 exploited in wild 1,539 CISA KEV 3,912 Nuclei templates 37,757 vendors 42,422 researchers
CVE-2026-26315 7.5 HIGH EPSS 0.00
go-ethereum <1.16.9 - Info Disclosure
go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.
CWE-203 Feb 19, 2026
CVE-2026-23621 4.3 MEDIUM EPSS 0.00
GFI MailEssentials AI <22.4 - Info Disclosure
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via the JSON key "path", which is URL-decoded and passed to Directory.Exists(), allowing the attacker to determine whether arbitrary directories exist on the server.
CWE-203 Feb 19, 2026
CVE-2026-23620 4.3 MEDIUM EPSS 0.00
GFI MailEssentials AI <22.4 - Info Disclosure
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key "path", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
CWE-203 Feb 19, 2026
CVE-2019-25337 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
OwnCloud 8.1.8 - Info Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
CWE-203 Feb 12, 2026
CVE-2026-26185 5.3 MEDIUM 1 Writeup EPSS 0.00
NPM Directus < 11.14.1 - Information Disclosure
Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. This vulnerability is fixed in 11.14.1.
CWE-203 Feb 12, 2026
CVE-2026-25562 4.3 MEDIUM 1 Writeup EPSS 0.00
Wekan < 8.19 - Information Disclosure
WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.
CWE-203 Feb 07, 2026
CVE-2026-25509 5.3 MEDIUM 1 Writeup EPSS 0.00
Ci4-cms-erp Ci4ms < 0.28.5.0 - Information Disclosure
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. This issue has been patched in version 0.28.5.0.
CWE-203 Feb 03, 2026
CVE-2026-23849 5.3 MEDIUM EPSS 0.00
File Browser <2.55.0 - Info Disclosure
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint. The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username is not found in the database, the function returns immediately. However, if the username does exist, the code proceeds to verify the password using bcrypt (users.CheckPwd), which is a computationally expensive operation designed to be slow. This difference in execution path creates a measurable timing discrepancy. Version 2.55.0 contains a patch for the issue.
CWE-208 Jan 19, 2026
CVE-2026-23519 9.8 CRITICAL 1 Writeup EPSS 0.00
RustCrypto CMOV <0.4.4 - Info Disclosure
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.
CWE-208 Jan 15, 2026
CVE-2026-21484 5.3 MEDIUM 1 Writeup EPSS 0.00
AnythingLLM <e287fab56089cf8fcea9ba579a3ecdeca0daa313 - Info Disclo...
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, thereby enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue.
CWE-204 Jan 03, 2026
CVE-2024-55374 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
Vanderbilt Redcap - Information Disclosure
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.
CWE-203 Jan 02, 2026
CVE-2022-50800 7.5 HIGH 1 PoC Analysis EPSS 0.00
H3C SSL VPN - Info Disclosure
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
CWE-203 Dec 30, 2025
CVE-2023-53943 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
GLPI 9.5.7 - Info Disclosure
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
CWE-203 Dec 18, 2025
CVE-2025-65185 2.8 LOW EPSS 0.00
Entrinsik Informer - Information Disclosure
Entrinsik Informer v5.10.1 contains a username enumeration vulnerability in its local user login, which allows malicious users to enumerate users by entering an OTP code and a new password and then reviewing the application's responses.
CWE-203 Dec 17, 2025
CVE-2025-68164 2.7 LOW EPSS 0.00
Jetbrains Teamcity < 2025.11 - Information Disclosure
In JetBrains TeamCity before 2025.11, port enumeration was possible via the Perforce connection test.
CWE-203 Dec 16, 2025
CVE-2025-13912 EPSS 0.00
wolfSSL <5.8.4 - Info Disclosure
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.
CWE-203 Dec 11, 2025
CVE-2020-36888 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
SpinetiX Fusion Digital Signage 3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.
CWE-203 Dec 10, 2025
CVE-2025-63094 7.5 HIGH 1 Writeup EPSS 0.00
XiangShan - Info Disclosure
XiangShan Nanhu V2 and XiangShan Kunminghu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.
CWE-200 Dec 10, 2025
CVE-2025-39665 5.3 MEDIUM EPSS 0.00
Nagvis < 1.9.48 - Information Disclosure
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.
CWE-203 Dec 03, 2025
CVE-2025-59702 7.2 HIGH EPSS 0.00
Entrust Nshield 5C Firmware < 13.6.12 - Improper Access Control
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.
CWE-284 Dec 02, 2025