35 matches found
Soosyze CMS 2.0 Brute Forcer
Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint.
EUVD-2020-19101
Malware in sbrugna...
EUVD-2025-15582
Malicious code in bioql PyPI...
EUVD-2025-15580
Malicious code in bioql PyPI...
EUVD-2025-15581
Malicious code in bioql PyPI...
CVE-2012-10001
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...
GHSA-9FWJ-9MJF-RHJ3 laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
GHSA-2F4R-34M4-3W8Q Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
Linux Distros Unpatched Vulnerability : CVE-2024-8260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input...
Red Hat WildFly Elytron Security Vulnerability
Red Hat WildFly Elytron is a security framework for application servers from Red Hat USA. The product supports features such as configuring administrative access rights to servers. A security vulnerability exists in Red Hat WildFly Elytron, which stems from an insufficiently restricted...
CVE-2024-8260
An SMB force-authentication vulnerability exists in all versions of OPA. The vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or one of the OPA Go library’s functions. Mitigation Mitigation for...
OPA for Windows has an SMB force-authentication vulnerability
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
GHSA-C77R-FH37-X2PX OPA for Windows has an SMB force-authentication vulnerability
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
CVE-2024-8260 OPA SMB Force-Authentication
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...
CVE-2024-8260
Technical details for CVE-2024-8260 are not publicly available in the provided connected documents. The initial description mentions OPA on Windows and an SMB force-authentication issue, but no concrete affected versions, impact, exploit data, or fixes are given here. Monitor for updates.
PT-2024-38897 · Unknown +1 · Opa Go Library +1
Name of the Vulnerable Software and Affected Versions: OPA for Windows versions prior to 0.68.0 Description: A SMB force-authentication vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one ...
Akira Ransomware Exploits Cisco Zero-Day Vulnerability
Summary: The zero-day vulnerability, identified as CVE-2023-20269, is a concerning security issue that impacts the remote access VPN feature of Cisco ASA Adaptive Security Appliance and FTD Firepower Threa...
CVE-2023-3548
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack...
CVE-2023-3548
CVE-2023-3548 affects Johnson Controls IQ Wifi 6 firmware versions prior to 2.0.2. The vulnerability is described as an improper restriction of excessive authentication attempts (CWE-307) that could allow an unauthorized user to gain account access via a brute-force authentication attack over the...