
67 matches found

Vulnrichment
added 2026/04/08 12:10 a.m. | 2 views

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allow an attacker to contact internal authentication endpoints which are...

7.2 CVSS | 5.9 AI score | 0.00198 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/08 12:10 a.m. | 18 views

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allow an attacker to contact internal authentication endpoints which are...

7.2 CVSS | 0.00198 EPSS
Exploits 0 | References 1
CVE
added 2026/04/08 12:10 a.m. | 15 views

CVE-2026-1343

CVE-2026-1343 affects IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10.0.9.1), IBM Verify Identity Access (11.0–11.0.2), and IBM Security Verify Access (10.0–10.0.9.1). The issue allows an attacker to contact internal authentication endpoints prote...

7.2 CVSS | 5.9 AI score | 0.00198 EPSS
Exploits 0 | References 1 | Affected Software 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 6 views

PT-2026-31053

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allow an attacker to contact internal authentication endpoints which are...

7.2 CVSS | 5.9 AI score | 0.00198 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/03/24 7:47 p.m. | 12 views

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

6.5 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits 1 | References 5 | Affected Software 1
CVE
added 2026/03/23 3:23 p.m. | 11 views

CVE-2026-33488

WWBN AVideo CVE-2026-33488 affects versions up to 26.0 where the LoginControl plugin’s PGP 2FA key generation uses 512-bit RSA keys. The 512-bit modulus is factorable and, if an attacker obtains a user’s public key, can be factored on commodity hardware to derive the private key and decrypt 2FA c...

8.1 CVSS | 5.7 AI score | 0.00251 EPSS
Exploits 1 | References 2 | Affected Software 1
EUVD
added 2026/02/26 9:30 a.m. | 8 views

EUVD-2026-8842

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3 CVSS | 5.6 AI score | 0.00207 EPSS
Exploits 0 | References 2
OSV
added 2026/02/26 8:16 a.m. | 5 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/26 7:58 a.m. | 21 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3 CVSS | 0.00207 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/02/26 7:58 a.m. | 5 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3 CVSS | 5.5 AI score | 0.00207 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/02/26 7:58 a.m. | 8 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1 CVSS | 5.5 AI score | 0.00207 EPSS
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2026/01/27 9:23 p.m. | 10 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.8 CVSS | 5.9 AI score | 0.00418 EPSS
Exploits 0 | References 1
NVD
added 2026/01/26 6:16 p.m. | 15 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.8 CVSS | 0.00418 EPSS
Exploits 0 | References 2
Cvelist
added 2026/01/26 5:40 p.m. | 24 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS | 0.00418 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/01/26 5:40 p.m. | 4 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS | 5.9 AI score | 0.00418 EPSS
Exploits 0 | References 3
EUVD
added 2026/01/26 5:40 p.m. | 6 views

EUVD-2026-4665

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS | 5.9 AI score | 0.00418 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4793

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS | 5.9 AI score | 0.00418 EPSS
Exploits 0 | References 3
Imperva Blog
added 2025/12/17 4:11 p.m. | 7 views

Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity show no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained...

6.9 AI score
Exploits 0
OSV
added 2025/11/05 7:16 p.m. | 8 views

CVE-2025-5770

A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 1
CVE
added 2025/11/05 7:2 p.m. | 29 views

CVE-2025-5770

WSO2: CVE-2025-5770 is a reflected XSS in authentication endpoints across multiple WSO2 products (e.g., Identity Server, API Manager, API Control Plane) caused by insufficient output encoding. The vulnerability allows a malicious actor to inject JavaScript that is reflected in responses, enabling...

6.1 CVSS | 5.7 AI score | 0.00202 EPSS
Exploits 0 | References 1 | Affected Software 3