17 matches found
CVE-2026-56272
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...
PT-2026-40956
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
EUVD-2001-0467
Malware in sbrugna...
CVE-2023-49883
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2023-49883
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2024-22330
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2019-15749
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...
CVE-2024-41778 IBM Controller information disclosure
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2024-40697
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895...
The vulnerability of the IBM Engineering Requirements Management DOORS application development tool, related to weak password requirements, allows attackers to compromise user accounts.
The vulnerability of the IBM Engineering Requirements Management DOORS application lies in its weak password requirements. Exploiting this vulnerability could allow attackers to compromise user accounts...
CVE-2019-4698
IBM Security Guardium Data Encryption GDE 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929...
CVE-2020-4574
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181...
CVE-2019-4235
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417...
Cat Soft Serv-U FTP Server 2.5.x - Brute Force
source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login attempts a user is disconnected. Reconnection ...