Lucene search
+L

7 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.14 views

PT-2026-34852

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS5.8AI score0.00454EPSS
Exploits0References4
CVE
CVE
added 2026/01/05 8:29 p.m.16 views

CVE-2025-64422

CVE-2025-64422 affects Coolify 4.0.0-beta.434 and later. The /login endpoint advertises a rate limit of 5 requests but can be bypassed by rotating the X-Forwarded-For header, enabling unlimited credential stuffing and brute-force attempts against user and admin accounts. The available connected s...

6.9CVSS6.5AI score0.00252EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54173

Malicious code in bioql PyPI...

5.3CVSS8.7AI score0.00338EPSS
Exploits1References1
CVE
CVE
added 2025/08/15 2:32 a.m.29 views

CVE-2025-9004

CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...

9.1CVSS7.4AI score0.00874EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/06 6:53 a.m.8 views

CVE-2024-13685

The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...

5.3CVSS7AI score0.00338EPSS
Exploits1References1
CVE
CVE
added 2025/03/04 6:0 a.m.50 views

CVE-2024-13685

CVE-2024-13685 affects the Admin and Site Enhancements (ASE) WordPress plugin prior to 7.6.10. The vulnerability arises because ASE retrieves client IP addresses from potentially untrusted headers, enabling an attacker to spoof the IP value and bypass the plugin’s login-limit protection. The issu...

5.3CVSS6.8AI score0.00338EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/04 6:0 a.m.15 views

CVE-2024-13685 Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing

The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...

0.00338EPSS
Exploits1References1
Rows per page
Query Builder