60 matches found
CVE-2025-55462
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
CVE-2023-4415
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...
CVE-2025-65427
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router firmware version V1.0.0, which does not implement rate limiting on /api/login, allowing attackers to brute force password enumerations...
CVE-2025-65427
CVE-2025-65427 affects the Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router (firmware V1.0.0). The root cause is lack of rate limiting on the /api/login endpoint, enabling brute-force password enumeration. Documented impact: password guessing attempts are possible with network access; remedi...
EUVD-2019-17783
Malware in sbrugna...
EUVD-2024-41601
Malicious code in bioql PyPI...
EUVD-2023-33999
Malicious code in bioql PyPI...
EUVD-2024-45396
Malicious code in bioql PyPI...
EUVD-2024-42581
Malicious code in bioql PyPI...
CVE-2024-47656
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on passwords, which could lead to gaining unauthorized access to other user...
CVE-2024-45790
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to...
CVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login...
CVE-2024-9340
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...
CVE-2025-29996
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
WordPress plugin WP JobHunt security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...
CVE-2025-29996 Authentication Bypass Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this...
CVE-2025-29996
CVE-2025-29996 affects the CAP back office application. The issue is an improper implementation of the OTP verification in the API-based login, allowing a remote attacker with valid credentials to manipulate API requests to bypass 2FA for other user accounts. The core vulnerability is in the OTP/...
Rising Technosoft CAP back office application security vulnerability
Rising Technosoft CAP back office application is a back office application from Rising Technosoft India. A security vulnerability exists in the Rising Technosoft CAP back office application, which stems from a poor implementation of the OTP authentication mechanism in the API login, allowing remo...
CVE-2025-23413
When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...