
20 matches found

Positive Technologies
added 2025/09/02 12:0 a.m. | 1 views

PT-2025-35846

CVE-2025-58421 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-58421 Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score: 6.7
Exploits: 0 | References: 1
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-35846 Malicious code in test-mlw2-neafe-blush (npm)

The package test-mlw2-neafe-blush was found to contain malicious code...

AI score: 7.2
Exploits: 0
RedhatCVE
added 2025/05/23 3:59 a.m. | 4 views

CVE-2023-35846

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not check the transport layer length in a frame before performing port filtering...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00249
Exploits: 0
RedhatCVE
added 2025/05/22 5:10 p.m. | 10 views

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.93926
Exploits: 10
Circl
added 2025/05/04 9:18 a.m. | 0 views

CVE-2024-35846

creationtimestamp | type | source
---|---|---
2025-05-04 09:18:09+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14755...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00031
Exploits: 0 | References: 1
OpenVAS
added 2024/08/14 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-6949-2)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.0072
Exploits: 2 | References: 2
OSV
added 2024/05/18 5:57 a.m. | 1 views

BELL-CVE-2024-35846

Bulletin has no description...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00031
Exploits: 0 | References: 1
OSV
added 2023/06/19 3:15 a.m. | 13 views

CVE-2023-35846

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not check the transport layer length in a frame before performing port filtering...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1
Vulnrichment
added 2023/06/19 12:0 a.m. | 8 views

CVE-2023-35846

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not check the transport layer length in a frame before performing port filtering...

AI score: 6.9 | EPSS: 0.00249
Exploits: 0 | References: 1
CVE
added 2023/06/19 12:0 a.m. | 132 views

CVE-2023-35846

VirtualSquare PicoTCP-NG (aka PicoTCP-NG) up to version 2.1 is affected by a vulnerability in which the transport-layer length is not checked within a frame before port filtering. The issue is described across multiple sources as affecting the PicoTCP-NG stack (VirtualSquare) and is associated wi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00249
Exploits: 0 | References: 1 | Affected Software: 1
Circl
added 2022/10/18 6:14 p.m. | 0 views

CVE-2022-35846

creationtimestamp | type | source
---|---|---
2022-10-18 18:14:21+00:00 | seen | https://t.me/cibsecurity/51677...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.00758
Exploits: 0 | References: 1
NVD
added 2022/10/18 2:15 p.m. | 11 views

CVE-2022-35846

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack...

CVSS: 9.8 | EPSS: 0.00758
Exploits: 0 | References: 1
CVE
added 2022/10/10 12:0 a.m. | 66 views

CVE-2022-35846

The CVE-2022-35846 entry covers FortiTester with a flaw in the Telnet port that allows brute-force credential guessing for the admin user due to an improper restriction of excessive authentication attempts. Affected FortiTester versions are 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0. The core issu...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00758
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/10/10 12:0 a.m. | 9 views

CVE-2022-35846

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00758
Exploits: 0 | References: 1
Check Point Advisories
added 2022/09/18 12:0 a.m. | 3 views

Agentejo Cockpit NoSQL Injection (CVE-2020-35846)

A NoSQL Injection vulnerability exists in Agentejo Cockpit. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.93926
Exploits: 10
GithubExploit
added 2021/07/25 5:5 a.m. | 105 views

Exploit for SQL Injection in Agentejo Cockpit

CVE-2020-35846 - Leak Cockpit Usernames PoC John Hammond...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.93926
Exploits: 10
Rapid7 Blog
added 2021/04/23 5:57 p.m. | 72 views

Metasploit Wrap-Up

Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...

CVSS: 9 | AI score: 0.1 | EPSS: 0.93926
Exploits: 20
Metasploit
added 2021/04/21 5:42 p.m. | 168 views

Cockpit CMS NoSQLi to RCE

This module exploits two NoSQLi vulnerabilities to retrieve the user list, and password reset tokens from the system. Next, the USER is targeted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...

CVSS: 9.8 | AI score: 10 | EPSS: 0.93971
Exploits: 12
Circl
added 2020/12/30 7:30 a.m. | 15 views

CVE-2020-35846

creationtimestamp | type | source
---|---|---
2020-12-30 07:30:07+00:00 | seen | https://t.me/cibsecurity/21421
2021-04-21 12:28:51+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cockpitcmsrce.rb
2025-02-06 03:13:44+00:00 | seen |...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.93926
Exploits: 10 | References: 2
CVE
added 2020/12/30 12:39 a.m. | 163 views

CVE-2020-35846

Agentejo Cockpit (Cockpit CMS) before version 0.11.2 is vulnerable to a NoSQL injection via the Controller/Auth.php check function. The NoSQL query using the $eq operator can allow unauthorized access and potential data exposure or manipulation. Affected versions are

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.93926
Exploits: 10 | References: 5 | Affected Software: 1