Lucene search
+L

32 matches found

CVE
CVE
added 2026/06/26 4:9 p.m.26 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises when user accounts are temporarily locked due to failed login attempts. Attackers with valid client credentials can exploit the revers...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 10:30 p.m.26 views

CVE-2026-44547

CVE-2026-44547 affects ChurchCRM 7.2.0–7.2.2, where an incomplete fix for CVE-2026-4058 left the public login path exploitable. The hardening commit was merged but silently stripped from src/api/routes/public/public-user.php before any 7.2.x tag was cut, so all 7.2.x releases remain vulnerable. T...

9.6CVSS5.8AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:21 p.m.12 views

Improper Handling of Case Sensitivity

Overview org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames wit...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.15 views

GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 2:35 p.m.42 views

CVE-2026-7820 pgAdmin 4: Account-lockout bypass via Flask-Security default /login view

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 2:35 p.m.14 views

CVE-2026-7820 pgAdmin 4: Account-lockout bypass via Flask-Security default /login view

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 7.0.1 of OpenEMR contains a security vulnerability...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-39630

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description Improper restriction of excessive authentication attempts occurs because the MAX LOGIN ATTEMPTS limit is only enforced within the '/authenticate/login' view. The default '/login' view provided by...

6.9CVSS6.7AI score0.00211EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/04/17 11:16 p.m.33 views

CVE-2026-40582 ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication...

9.1CVSS0.00502EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 11:16 p.m.2 views

CVE-2026-40582 ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication...

9.1CVSS5.9AI score0.00502EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.11 views

CVE-2019-18917

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout...

6.5CVSS7.1AI score0.01475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.7 views

CVE-2025-62257

Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...

6.3CVSS7.1AI score0.00368EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-8595

Malware in sbrugna...

6.5CVSS6.5AI score0.01475EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.5 views

OPEXUS FOIAXpress Public Access Link 安全漏洞

OPEXUS FOIAXpress Public Access Link OPEXUS FOIAXpress PAL is a secure, public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions, including payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link...

7.5CVSS6.7AI score0.00534EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/04 4:0 a.m.23 views

CVE-2025-3709

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack...

9.8CVSS7.3AI score0.00477EPSS
Exploits0References4
OSV
OSV
added 2025/05/02 4:15 a.m.10 views

CVE-2025-3709

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack...

9.8CVSS5.8AI score0.00477EPSS
Exploits0References2
NVD
NVD
added 2025/05/02 4:15 a.m.14 views

CVE-2025-3709

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack...

9.8CVSS0.00477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/02 3:13 a.m.12 views

CVE-2025-3709 Flowring Technology Agentflow - Account Lockout Bypass

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack...

9.8CVSS9.7AI score0.00477EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.12 views

PT-2025-18748 · Flowring Technology · Agentflow

Name of the Vulnerable Software and Affected Versions: Agentflow from Flowring Technology affected versions not specified Description: The issue allows unauthenticated remote attackers to perform password brute force attacks by bypassing account lockout protection. Recommendations: At the moment,...

9.8CVSS6.5AI score0.00477EPSS
Exploits0References12
Rows per page
Query Builder