7 matches found
PT-2026-34852
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...
CVE-2025-64422
CVE-2025-64422 affects Coolify 4.0.0-beta.434 and later. The /login endpoint advertises a rate limit of 5 requests but can be bypassed by rotating the X-Forwarded-For header, enabling unlimited credential stuffing and brute-force attempts against user and admin accounts. The available connected s...
EUVD-2024-54173
Malicious code in bioql PyPI...
CVE-2025-9004
CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...
CVE-2024-13685
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...
CVE-2024-13685
CVE-2024-13685 affects the Admin and Site Enhancements (ASE) WordPress plugin prior to 7.6.10. The vulnerability arises because ASE retrieves client IP addresses from potentially untrusted headers, enabling an attacker to spoof the IP value and bypass the plugin’s login-limit protection. The issu...
CVE-2024-13685 Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...