[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-25350":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-24T14:57:35.500Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":82,"aliases":97,"duplicate_of":9,"upstream":98,"downstream":99,"duplicates":100,"related":101,"reserved_at":9,"published_at":102,"modified_at":102,"state":103,"summary":104,"references_raw":112,"kevs":122,"epss":123,"epss_history":126,"metrics":128,"affected":136},"CVE-2018-25350","userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-204","Observable Response Discrepancy","The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.","weakness","Incomplete","Base",[19,23,27,39],{"id":20,"name":21,"techniques":22},"CAPEC-331","ICMP IP Total Length Field Probe",[],{"id":24,"name":25,"techniques":26},"CAPEC-332","ICMP IP 'ID' Field Error Message Probe",[],{"id":28,"name":29,"techniques":30},"CAPEC-541","Application Fingerprinting",[31],{"id":32,"name":33,"tactics":34,"countermeasures":38},"T1592.002","Software",[35],{"id":36,"name":37},"TA0043","Reconnaissance",[],{"id":40,"name":41,"techniques":42},"CAPEC-580","System Footprinting",[43],{"id":44,"name":45,"tactics":46,"countermeasures":50},"T1082","System Information Discovery",[47],{"id":48,"name":49},"TA0102","Discovery",[51,56,60,65,70,74,78],{"id":52,"name":53,"tactic":54},"D3-SCA","System Call Analysis",{"name":55},"Detect",{"id":57,"name":58,"tactic":59},"D3-PSA","Process Spawn Analysis",{"name":55},{"id":61,"name":62,"tactic":63},"D3-DE","Decoy Environment",{"name":64},"Deceive",{"id":66,"name":67,"tactic":68},"D3-SCF","System Call Filtering",{"name":69},"Isolate",{"id":71,"name":72,"tactic":73},"D3-EAL","Executable Allowlisting",{"name":69},{"id":75,"name":76,"tactic":77},"D3-EDL","Executable Denylisting",{"name":69},{"id":79,"name":80,"tactic":81},"D3-HBPI","Hardware-based Process Isolation",{"name":69},[83],{"_key":84,"name":85,"source":86,"url":87,"maturity":88,"reliability_score":89,"verified":90,"type":9,"platforms":91,"requires_auth":9,"exploitdb":93,"metasploit":9},"44872","userSpice 4.3.24 - Username Enumeration","exploit-database","https://www.exploit-db.com/exploits/44872","poc",0.5,false,[92],"php",{"verified":90,"type":94,"platform":92,"file":95,"codes":96},"webapps","exploits/php/webapps/44872.py",[],[],[],[],[],[],"2026-05-23T18:30:51.228Z","PUBLISHED",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":103},"low",0.00076,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[113,117],{"url":87,"sources":114,"tags":115},[110],[116],"Exploit",{"url":118,"sources":119,"tags":120},"https://www.vulncheck.com/advisories/userspice-username-enumeration-via-existingusernamecheck-php",[110],[121],"Third Party Advisory",[],{"date":124,"score":106,"percentile":125},"2026-05-24",0.22671,[127],{"date":124,"score":106,"percentile":125},[129],{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":130,"cvss_v4_0":133},{"baseScore":108,"baseSeverity":131,"vectorString":111,"impactScore":108,"exploitabilityScore":132},"CRITICAL",10,{"baseScore":134,"baseSeverity":131,"vectorString":135,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[137],{"ecosystem":9,"name":138,"vendor":139,"product":139,"cpe_part":140,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":141},"userSpice","userspice","a",[142],{"version":143,"is_range":90,"range_type":110,"version_start":143,"version_start_type":144,"version_end":143,"version_end_type":144,"fixed_in":9},"4.3.24","including"]