PT-2026-49308

Discuz! X5.0 releases 20260320 through 20260501 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...

GHSA-2299-GHJR-6VJP Parse Server: MFA recovery code single-use bypass via concurrent requests

Impact An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and...

Azure Linux 3.0 Security Update: irssi (CVE-2019-13045)

The version of irssi installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13045 advisory. - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free wh...

CVE-2023-40834

OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter...

Cross-site Request Forgery (CSRF)

Jenkins is vulnerable to Cross-site Request Forgery CSRF. The vulnerability is due to missing or insufficient CSRF protection on login-related functionality, which allows an attacker to trick a victim into unknowingly authenticating into the attacker’s account...

CVE-2025-11707 Login Lockdown & Protection <= 2.14 - IP Block Bypass

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblockkey key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...

DRUPAL-CONTRIB-2025-124

This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...

DRUPAL-CONTRIB-2025-115

The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...

EUVD-2012-3832

Malware in sbrugna...

EUVD-2014-4933

Malware in sbrugna...

EUVD-2007-1338

Malware in sbrugna...

EUVD-2025-12074

Malicious code in bioql PyPI...

EUVD-2022-52732

Malicious code in bioql PyPI...

EUVD-2025-6425

Malicious code in bioql PyPI...

PT-2025-36508

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...

WordPress plugin Security Ninja 安全漏洞

WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...

CVE-2025-39408

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress BruteGuard – Brute Force Login Protection bruteguard allows Reflected XSS.This issue affects BruteGuard – Brute Force Login Protection: from n/a through = 0.1.4...

CVE-2025-39408

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EverPress BruteGuard – Brute Force Login Protection bruteguard allows Reflected XSS.This issue affects BruteGuard – Brute Force Login Protection: from n/a through = 0.1.4...