101 matches found
EUVD-2026-30185
OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...
CVE-2026-44195
OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...
PT-2026-40828
Name of the Vulnerable Software and Affected Versions: OPNsense versions prior to 26.1.7. Description: A logic flaw in the lockout handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a...
MyTube Security Vulnerability
MyTube is a self-hosted video downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.72 contained security vulnerabilities. These vulnerabilities allowed unverified attackers to lock out admin and guest accounts due to login failures, potentially leading to denial-of-servic...
OpenBao Security Vulnerability
OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.2 contained security vulnerabilities. These vulnerabilities were caused by cross-site scripting in the errordescription parameter on the authentication failed page, which could allo...
EUVD-2026-10916
Sylius has a XSS vulnerability in checkout login form...
CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
EUVD-2025-35716
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...
CVE-2025-11750 User Enumeration via Distinct Error Messages in langgenius/dify-web
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
EUVD-2010-0947
Malware in sbrugna...
EUVD-2006-4391
Malware in sbrugna...
EUVD-2013-2979
Malware in sbrugna...
EUVD-2013-7051
Malware in sbrugna...
EUVD-2002-1072
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986385)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986385 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during...
EUVD-2025-27218
Malicious code in bioql PyPI...
EUVD-2022-33928
Malicious code in bioql PyPI...
EUVD-2022-34994
Malicious code in bioql PyPI...