Lucene search
K

55 matches found

CVE
CVE
added 2026/06/25 5:41 p.m.24 views

CVE-2026-54092

CVE-2026-54092 affects File Browser before v2.63.6, where the login API at /api/login does not enforce a maximum password length. An arbitrarily long password can be submitted, causing excessive CPU/memory usage and potential container/logs instability, with reports of Docker daemon errors (500) ...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49065

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description Lack of maximum length validation for passwords allows an arbitrarily large string to be passed into the login API. When a large password is submitted, the CheckPwd function in users/password.g...

6.5CVSS5.8AI score0.00484EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8474

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS5.5AI score0.00183EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 7:47 a.m.32 views

CVE-2026-8474

Stormshield Network Security (Stormshield SNS) is affected by CVE-2026-8474. The issue affects SNS appliances running: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. It enables a reflected cross-site scripting (XSS) attack targeting the login API, achievable by executing a script on the victim’s br...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:47 a.m.16 views

EUVD-2026-33586

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:47 a.m.10 views

CVE-2026-8474 Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45387

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Stormshield Network Security 安全漏洞

Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall developed by the French company Stormshield. Versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5 of Stormshield Network Security contain security vulnerabilities. These vulnerabilities stem from...

5.3CVSS5AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Account Switcher 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.21 views

Fleet: IP spoofing allows bypassing API rate limiting

Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/27 1:16 a.m.11 views

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

7.5CVSS0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

CodePanda Source canteen_management_system 注入漏洞

CodePanda Source canteenmanagementsystem is an open-source system developed by CodePanda Source for managing cafeteria operations and dining services. Version 1.0 of CodePanda Source canteenmanagementsystem contains a SQL injection vulnerability. This vulnerability stems from the handling of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.13 views

PT-2026-35283

Name of the Vulnerable Software and Affected Versions CodePanda Source canteen management system version 1.0 Description A SQL injection allows remote attackers to manipulate the Username argument via the '/api/login.php' endpoint. SQL injection is a type of flaw that allows an attacker to...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References9
Hacker One
Hacker One
added 2026/03/24 6:37 p.m.10 views

PortSwigger Web Security: Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption

A security issue was discovered in the /api-internal/login authentication endpoint of the internal login interface of Burp Suite DAST Enterprise. The issue was caused by improper input validation order, where the application processed user-supplied input before enforcing field-level validation...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/20 10:21 a.m.4 views

CVE-2026-33132 ZITADEL is missing enforcement of organization scopes

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS6.2AI score0.00309EPSS
Exploits0References6
OSV
OSV
added 2025/12/08 5:56 p.m.3 views

GHSA-QMG5-V42X-QQHQ 1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/08 5:56 p.m.17 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.2AI score0.00405EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-24829

Malware in sbrugna...

5.3CVSS5.3AI score0.01444EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-33908

Malicious code in bioql PyPI...

5.9CVSS4.4AI score0.00726EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.7 views

CVE-2024-47530

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

6.1CVSS6.5AI score0.00371EPSS
Exploits1
Rows per page
Query Builder