EUVD-2025-37921
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...
PT-2025-45157
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: A reflected cross-site scripting (XSS) issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...
GHSA-M58F-9PVV-8MP2 Moodle vulnerable to brute-force password guesses
Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
CVE-2025-62399
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
Brute Force
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Brute Force via the authentication endpoints for the mobile client and authwebservice. An attacker can repeatedly attempt to guess user credentials by sending multiple authentication requests withou...
CVE-2025-62399 Moodle: password brute force risk when mobile/web services enabled
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
CVE-2025-62399
CVE-2025-62399 affects Moodle: the mobile and web service authentication endpoints do not adequately limit repeated password attempts, enabling possible brute-force attacks. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5, HIGH). Connected documents confirm broader references and u...
PT-2025-43447
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The authentication endpoints for Moodle's mobile and web services did not adequately limit repeated password attempts, leaving them open to brute-force attacks. The vulnerable endpoints are th...
EUVD-2019-0026
Malware in sbrugna...
EUVD-2018-11246
Malware in sbrugna...
EUVD-2025-24036
Malicious code in bioql PyPI...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
GHSA-7Q62-R88R-J5GW Fides has a Lack of Brute-Force Protections on Authentication Endpoints
Summary: The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...
Linux Distros Unpatched Vulnerability: CVE-2020-26891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to...
CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
OpenBao Userpass and LDAP User Lockout Bypass
Impact: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. Patches: OpenBao v2.3.2 will patch this issue. Workarounds: Existing user...
CVE-2024-5962
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...
WSO2 API Manager and WSO2 Identity Server (IS) cross-site scripting vulnerability
WSO2 API Manager and WSO2 Identity Server (IS) are both products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server is an identity server. A cross-site scripting vulnerability exists in WSO2 API Manager and WSO2 Identity Server (IS), which stems from a lack of...
PT-2024-31698 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.13.3; Directus versions prior to 11.1.0. Description: An unauthenticated user can access the credentials of the last authenticated user via OpenID or OAuth2 when the authentication URL does not include a redirect...
CVE-2023-0328
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...