Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

406 matches found

Nuclei
Nucleiadded 2 days ago14 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7.3AI score0.29557EPSS
Exploits3References2
EUVD
EUVDadded 6 days ago5 views

EUVD-2026-36793

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
NVD
NVDadded 6 days ago5 views

CVE-2026-49953

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS0.00359EPSS
Exploits0References4
Cvelist
Cvelistadded 6 days ago25 views

CVE-2026-49953 Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVEadded 6 days ago11 views

CVE-2026-49953

Discuz! X5.0 (builds 20260320–20260610) contains a CAPTCHA bypass vulnerability where limited complexity and predictable character sets in generated CAPTCHA images enable unauthenticated remote attackers to reliably predict challenge text via OCR, bypassing protections on login, registration and ...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
NVD
NVDadded 2026/05/16 4:16 p.m.12 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS0.00429EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/16 3:25 p.m.4 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/16 3:25 p.m.35 views

CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS0.00429EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/16 3:25 p.m.8 views

EUVD-2020-31229

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/16 3:25 p.m.10 views

CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4
CVE
CVEadded 2026/05/16 3:25 p.m.8 views

CVE-2020-37228

The CVE-2020-37228 entry concerns iDS6 DSSPro Digital Signage System 6.2, where a CAPTCHA security bypass allows authentication bypass by requesting the autoLoginVerifyCode object. Attackers can obtain valid CAPTCHA codes via the login endpoint and use them to brute-force user accounts. The vulne...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/16 12:0 a.m.13 views

PT-2026-41428

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.4 views

PT-2026-37296

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists in the 'objects/sendEmail.json.php' endpoint where the absence of the contactForm parameter allows unauthenticated users to send emails to arbitrary recipients. When this parameter is...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References6
Snyk
Snykadded 2026/04/22 5:6 p.m.3 views

Guessable CAPTCHA

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the objects/getCaptcha.php process. An attacker can bypass CAPTCHA protections by manipulating the ql parameter to generate trivially sho...

6.9CVSS5.4AI score0.00218EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/21 10:21 p.m.28 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS0.00218EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/21 10:21 p.m.0 views

EUVD-2026-24527

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS5.8AI score0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/21 10:21 p.m.2 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS5.8AI score0.00218EPSS
Exploits1References2
CVE
CVEadded 2026/04/21 10:21 p.m.13 views

CVE-2026-40935

WWBN/AVideo (versions ≤ 29.0) is affected by a CAPTCHA bypass involving objects/getCaptcha.php. The ql parameter is read directly from the query string without clamping or sanitization, allowing an unauthenticated client to request a 1-character CAPTCHA word. Coupled with a case-insensitive strca...

5.3CVSS5.8AI score0.00218EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/04/14 11:13 p.m.4 views

GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/04/14 11:13 p.m.4 views

CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder