CVE-2026-56338
Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...
CVE-2026-56338
Capgo prior to version 12.128.2 contains a denial-of-service flaw in the /auth/v1/otp endpoint used for 2FA email verification. The issue arises from captcha validation failures causing the backend to return HTTP 500 errors, preventing authenticated users from completing 2FA enrollment and access...
CVE-2026-40935
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...
PT-2026-34200
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...
GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...
CVE-2023-50172
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
EUVD-2022-0105
Malicious code in bioql PyPI...
EUVD-2023-34212
Malicious code in bioql PyPI...
EUVD-2024-0299
Malicious code in bioql PyPI...
EUVD-2023-41894
Malicious code in bioql PyPI...
CVE-2023-2751
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...
PT-2025-17612 · Unknown · Meon Kyc Solutions
Name of the Vulnerable Software and Affected Versions: Meon KYC solutions (affected versions not specified). Description: The issue is caused by insufficient server-side validation of the Captcha in certain API endpoints, allowing a remote attacker to bypass the Captcha verification mechanism by...
Fedora 41 : lemonldap-ng (2024-7bc1df53fc)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7bc1df53fc advisory. Update to lemonldap-ng 2.20.1: - Security Adaptative Authentication Rules triggered by Refresh my rights - Security XSS in upgradeSession / forceUpgrade page...
Fedora 40 : lemonldap-ng (2024-e457192aa2)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e457192aa2 advisory. Update to lemonldap-ng 2.20.1: - Security Adaptative Authentication Rules triggered by Refresh my rights - Security XSS in upgradeSession / forceUpgrade page...
Recovery Notification Bypass
WWBN AVideo is vulnerable to Recovery Notification Bypass. The vulnerability is due to a flaw in the captcha validation functionality of the userRecoverPass.php script. This issue can be exploited by an attacker to create a recovery pass code for any user...
WWBN AVideo recovery notification bypass vulnerability
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
CVE-2023-50172
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
CVE-2023-50172
Summary: CVE-2023-50172 affects WWBN AVideo (dev master, commit 15fed957fb). The vulnerability lies in userRecoverPass.php captcha validation, where the recoverPass value is set even if the captcha check fails, enabling a malicious actor to silently create a recovery pass code for any user. An at...