
60 matches found

NVD
added 2026/01/13 3:15 p.m., 3 views

CVE-2025-55462

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...

CVSS 6.5, EPSS 0.0037
Exploits: 1, References: 2

RedhatCVE
added 2026/01/09 8:57 a.m., 3 views

CVE-2023-4415

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS 8.8, AI score 7.2, EPSS 0.56147
Exploits: 5, References: 1

OSV
added 2025/12/16 4:15 p.m., 3 views

CVE-2025-65427

An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations...

CVSS 6.5, AI score 5.8, EPSS 0.00295
Exploits: 1, References: 3

CVE
added 2025/12/16 12:0 a.m., 31 views

CVE-2025-65427

The CVE-2025-65427 affects the Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router (firmware V1.0.0). The root cause is lack of rate limiting on the /api/login endpoint, enabling brute-force password enumeration. Documented impact: password guessing attempts are possible with network access; remedi...

CVSS 6.5, AI score 6.7, EPSS 0.00295
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-17783

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01135
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-41601

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00564
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 24 views

EUVD-2023-33999

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.7, EPSS 0.00619
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2024-45396

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00547
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-42581

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00488
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:39 a.m., 12 views

CVE-2024-47656

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user...

CVSS 9.8, AI score 7.1, EPSS 0.00488
Exploits: 0

RedhatCVE
added 2025/05/23 8:7 a.m., 8 views

CVE-2024-45790

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...

CVSS 9.8, AI score 7.4, EPSS 0.00564
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:33 a.m., 8 views

CVE-2023-27742

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login...

CVSS 9.8, AI score 8.3, EPSS 0.00934
Exploits: 1, References: 1

RedhatCVE
added 2025/03/22 11:46 a.m., 7 views

CVE-2024-9340

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

CVSS 7.5, AI score 7.1, EPSS 0.00896
Exploits: 1, References: 1

RedhatCVE
added 2025/03/15 11:21 a.m., 7 views

CVE-2025-29996

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...

CVSS 8.2, AI score 7.2, EPSS 0.00409
Exploits: 0, References: 1

CNNVD
added 2025/03/14 12:0 a.m., 3 views

WordPress plugin WP JobHunt security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...

CVSS 7.5, AI score 7, EPSS 0.00406
Exploits: 0, References: 4

NVD
added 2025/03/13 12:15 p.m., 7 views

CVE-2025-29996

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...

CVSS 8.2, EPSS 0.00409
Exploits: 0, References: 1

Cvelist
added 2025/03/13 11:18 a.m., 21 views

CVE-2025-29996 Authentication Bypass Vulnerability in CAP back office application

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...

CVSS 8.2, EPSS 0.00409
Exploits: 0, References: 1

CVE
added 2025/03/13 11:18 a.m., 79 views

CVE-2025-29996

CVE-2025-29996 affects the CAP back office application. The issue is an improper implementation of the OTP verification in the API-based login, allowing a remote attacker with valid credentials to manipulate API requests to bypass 2FA for other user accounts. The core vulnerability is in the OTP/...

CVSS 8.2, AI score 6.6, EPSS 0.00409
Exploits: 0, References: 1

CNNVD
added 2025/03/13 12:0 a.m., 2 views

Rising Technosoft CAP back office application security vulnerability

Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. A security vulnerability exists in the Rising Technosoft CAP back office application, which stems from a poor implementation of the OTP authentication mechanism in the API login, allowing remo...

CVSS 8.2, AI score 7, EPSS 0.00409
Exploits: 0, References: 1

OSV
added 2025/02/05 6:15 p.m., 1 view

CVE-2025-23413

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 1