By weakness (CWE)
CWE-204: related vulnerabilities
CVEs classified under CWE-204. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-45294MEDIUM 5.3
FreeScout, a Laravel-based open-source help desk platform, leaks information about whether an email address is registered as a helpdesk agent account. An attacker can repeatedly submit email addresses to the password reset feature and observe different visual responses that reveal which accounts exist—a technique called user enumeration. This flaw affects all versions before 1.8.219 and requires no authentication or user interaction to exploit.
- CVE-2026-45620MEDIUM 5.3
CVE-2026-45620 is a user enumeration vulnerability in WWBN AVideo version 29.0 and earlier. The `objects/mention.json.php` endpoint lacks proper authentication controls and allows attackers to discover valid usernames on the platform without logging in. An attacker can craft requests to the endpoint and enumerate users by checking responses, potentially gathering intelligence for follow-up attacks like credential stuffing or targeted social engineering.