Lucene search
+L

17 matches found

attackerkb
attackerkb
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
github
github
added 2026/06/18 3:5 p.m.11 views

Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

7.5CVSS5.7AI score0.00343EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.11 views

PT-2026-40956

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References2
github
github
added 2026/01/28 9:41 p.m.21 views

NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...

9.4CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2025/10/15 3:16 p.m.15 views

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...

6.4CVSS0.00207EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0467

Malware in sbrugna...

7.5CVSS6.4AI score0.05574EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/10/03 6:1 p.m.5 views

CVE-2023-49883

IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

7.5CVSS6.6AI score0.00255EPSS
Exploits0References1
osv
osv
added 2025/10/01 5:15 p.m.4 views

CVE-2023-49883

IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References1
osv
osv
added 2025/06/06 2:15 a.m.4 views

CVE-2024-22330

IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

9.8CVSS5.8AI score0.00278EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:37 a.m.7 views

CVE-2019-15749

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...

6.5CVSS6.3AI score0.00985EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/01 2:22 p.m.26 views

CVE-2024-41778 IBM Controller information disclosure

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

5.3CVSS0.00251EPSS
Exploits0References1
osv
osv
added 2024/08/13 11:15 a.m.5 views

CVE-2024-40697

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895...

7.5CVSS5.8AI score0.00489EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2024/03/13 12:0 a.m.7 views

The vulnerability of the IBM Engineering Requirements Management DOORS application development tool, related to weak password requirements, allows attackers to compromise user accounts.

The vulnerability of the IBM Engineering Requirements Management DOORS application lies in its weak password requirements. Exploiting this vulnerability could allow attackers to compromise user accounts...

5.1CVSS6.6AI score0.00201EPSS
Exploits0References3Affected Software1
osv
osv
added 2020/08/26 7:15 p.m.4 views

CVE-2019-4698

IBM Security Guardium Data Encryption GDE 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929...

7.5CVSS7.1AI score
Exploits0References2
osv
osv
added 2020/07/29 2:15 p.m.4 views

CVE-2020-4574

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181...

7.5CVSS7.1AI score0.01899EPSS
Exploits0References2
osv
osv
added 2019/06/26 3:15 p.m.4 views

CVE-2019-4235

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417...

7.5CVSS6.5AI score0.01471EPSS
Exploits0References2
exploitdb
exploitdb
added 2000/10/29 12:0 a.m.45 views

Cat Soft Serv-U FTP Server 2.5.x - Brute Force

source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login attempts a user is disconnected. Reconnection ...

7.4AI score
Exploits0
Rows per page
Query Builder