Lucene search
K

2012 matches found

Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Blue Captcha plugin <= 2.0.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Kamil Królikowski - Asseco Poland S.A. in WordPress Plugin Blue Captcha versions = 2.0.1...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36793

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-49953

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS0.00359EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 6:45 p.m.31 views

CVE-2026-49953 Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 6:45 p.m.36 views

CVE-2026-49953

Discuz! X5.0 (builds 20260320–20260610) contains a CAPTCHA bypass vulnerability where limited complexity and predictable character sets in generated CAPTCHA images enable unauthenticated remote attackers to reliably predict challenge text via OCR, bypassing protections on login, registration and ...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49308

Discuz! X5.0 releases 20260320 through 20260501 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 5:18 p.m.13 views

EUVD-2026-36272

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 1:54 p.m.12 views

MAL-2026-5655 Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.15 views

Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-5411

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS5.5AI score0.00218EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

8.8CVSS5.5AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 p.m.10 views

CVE-2026-5415

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS0.00393EPSS
Exploits1References2
NVD
NVD
added 2026/06/05 7:16 p.m.19 views

CVE-2026-5411

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS0.00449EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS5.7AI score0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:31 p.m.6 views

CVE-2026-5411

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 6:31 p.m.15 views

EUVD-2026-34889

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 6:31 p.m.34 views

CVE-2026-5411 WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS0.00449EPSS
Exploits0References2
CVE
CVE
added 2026/06/05 6:31 p.m.42 views

CVE-2026-5411

CVE-2026-5411 affects WP Captcha PRO (premium version, same slug as Advanced Google reCAPTCHA) for WordPress, vulnerable up to version 5.38. The root cause is a capability check in the licensing module’s save_ajax() function combined with unrestricted file extraction in sync_cloud_protection(), e...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/05 6:31 p.m.8 views

CVE-2026-5411 WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References2
Rows per page
Query Builder