34 matches found
GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts
Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init_app and is reachable on every server, never...
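As an added illustration of the pattern this advisory describes (example code, not pgAdmin's or Flask-Security's own): a single failed-attempt counter that every credential-accepting view consults, placed next to the unguarded view shape that lets an attacker route guesses around the limit. The user store, the limit of 3, the 600-second lockout window and the view function names are assumptions made for this example.

```python
"""Added example (not pgAdmin's or Flask-Security's code): one lockout counter
for every login view. The advisory above describes MAX_LOGIN_ATTEMPTS being
checked only in pgAdmin's custom view while the framework's default view, which
also accepts credentials, never consults it. The user store, limit, lockout
window and view names below are assumptions made for this illustration."""
import hmac
import time
from hashlib import sha256

MAX_LOGIN_ATTEMPTS = 3      # assumed value; the setting name follows the advisory
LOCKOUT_SECONDS = 600       # assumed

# constructed user store: username -> sha256(password) hex digest
_USERS = {"alice": sha256(b"correct horse").hexdigest()}


class LoginThrottle:
    """Per-username failure counter; every credential-accepting view shares one instance."""

    def __init__(self, limit=MAX_LOGIN_ATTEMPTS, lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.limit = limit
        self.lockout = lockout
        self.clock = clock           # injectable so the lockout window can be tested
        self._failures = {}          # username -> (count, locked_until)

    def is_locked(self, username):
        count, until = self._failures.get(username, (0, 0.0))
        if count < self.limit:
            return False
        if self.clock() >= until:    # lockout expired: start counting afresh
            self._failures.pop(username, None)
            return False
        return True

    def record_failure(self, username):
        count, _ = self._failures.get(username, (0, 0.0))
        count += 1
        until = self.clock() + self.lockout if count >= self.limit else 0.0
        self._failures[username] = (count, until)

    def reset(self, username):
        self._failures.pop(username, None)


def check_password(username, password):
    """Constant-time comparison; unknown users still cost one hash so timing stays uniform."""
    digest = sha256(password.encode()).hexdigest()
    expected = _USERS.get(username, "0" * 64)
    return hmac.compare_digest(digest, expected) and username in _USERS


throttle = LoginThrottle()


def authenticate(username, password, throttle=throttle):
    """The single chokepoint: views call this, never check_password() directly."""
    if throttle.is_locked(username):
        return "locked"
    if check_password(username, password):
        throttle.reset(username)
        return "ok"
    throttle.record_failure(username)
    return "denied"


# Two views standing in for /authenticate/login and the framework-registered /login.
def custom_login_view(form, throttle=throttle):
    return authenticate(form["username"], form["password"], throttle)


def default_login_view(form, throttle=throttle):
    return authenticate(form["username"], form["password"], throttle)


def unguarded_login_view(form):
    """The shape the advisory describes: credentials are checked without the
    throttle, so guesses routed here are never counted or refused."""
    return "ok" if check_password(form["username"], form["password"]) else "denied"
```

The point of the layout is that the limit lives in `authenticate()`, so adding a third login route cannot silently escape it; a view written like `unguarded_login_view` is exactly the gap the advisory reports, and a test that exercises every route registered under the app is the cheapest way to catch it.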
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
The Login Disable module prevents users from logging in to your Drupal site unless they append the access key to the login form URL (by default http://example.com/user/login?admin). If they provide the access key and have a specific role they can log in. The module does not check for...
CVE-2025-13982
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows cross-site request forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...
Drupal Login Time Restriction security vulnerability
Drupal Login Time Restriction is a login time restriction plugin for the Drupal community. Versions of Drupal Login Time Restriction prior to 1.0.3 contained a security vulnerability caused by a cross-site request forgery issue, potentially allowing cross-site request forgery attacks...
PT-2026-5201
Name of the Vulnerable Software and Affected Versions Drupal Login Time Restriction versions prior to 1.0.3 Description A Cross-Site Request Forgery CSRF issue exists in the Login Time Restriction module. This allows attackers to perform actions on behalf of authenticated users without their...
EUVD-2015-4565
Malware in sbrugna...
EUVD-2024-3530
Malicious code in bioql PyPI...
Authelia security vulnerability
Authelia is an open source single sign-on multi-factor portal for web applications by Authelia. A security vulnerability exists in Authelia versions prior to 4.38.19, caused by a flaw in the login restriction mechanism, which increases the risk of a brute-force break-in...
CVE-2022-4534
The Limit Login Attempts Spam Protection plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can suppl...
PT-2024-30268 · Pluck Cms · Pluck Cms
Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.18 Description: The issue allows attackers to execute a brute force attack due to the lack of restriction on failed login attempts. Recommendations: For Pluck CMS version 4.7.18, consider implementing a custom restrictio...
PT-2023-31228 · Doracms · Doracms
Name of the Vulnerable Software and Affected Versions: DoraCMS version 2.1.8 Description: The issue allows attackers to gain access to the application via a bruteforce attack due to the re-use of the same code for verification of valid usernames and passwords. Recommendations: For DoraCMS version...
PT-2023-24960 · Unknown · Wifi Soft Unibox Administration
Name of the Vulnerable Software and Affected Versions: Wifi Soft Unibox Administration versions 3.0 through 3.1 Description: The issue arises from the lack of validation or sanitization of user input in the username field of the login page, leading to SQL Injection. This allows attackers to injec...
PT-2023-24978 · Unknown · Phpgurukul Cyber Cafe Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Cyber Cafe Management System version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the admin username parameter, which can lead to cross-site scripting XSS attacks. Recommendations: F...
Weak Password Policy while creating a new User with the Admin Account
Hello, I was able to detect a weak Password Policy while allowing an administrator to create a new account. Let's create an account, set the Password to 1 and log in with it. As you can see it's number 1. When I click set it will not accept. We need to specify that the user will change his password aft...
CVE-2022-4303
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms...
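CVE-2022-4534 and CVE-2022-4303 above describe the same defect in two plugins: the client address is read from headers such as X-Forwarded-For before REMOTE_ADDR, so the attacker sets the header and every guess appears to come from a fresh address. The following is an added example (not code from either plugin) that puts the header-trusting resolver beside a proxy-aware one and runs a simulated brute force through a per-IP limiter with each. The WSGI-style environ dicts, the 10.0.0.0/8 trusted-proxy range and the limit of 5 are constructed for the example.

```python
"""Added example for CVE-2022-4534 / CVE-2022-4303 (not either plugin's code):
client-IP resolution for login throttling, header-trusting versus proxy-aware.
The environ dicts, the trusted-proxy range and the attempt limit are constructed
for this illustration."""
import ipaddress

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed: the site's reverse proxies

# headers the advisories describe being consulted ahead of REMOTE_ADDR
SPOOFABLE_HEADERS = ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


def client_ip_vulnerable(environ):
    """The pattern from the advisories: any client-controlled header wins over REMOTE_ADDR."""
    for name in SPOOFABLE_HEADERS:
        value = environ.get(name)
        if value:
            return value.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip_hardened(environ, trusted=TRUSTED_PROXIES):
    """Trust X-Forwarded-For only when the TCP peer is one of our proxies, and then
    take the right-most hop not belonging to a proxy: the client may have pre-filled
    the left end of the list, but only our proxies append to the right end."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if not any(peer in net for net in trusted):
        return str(peer)                       # direct connection: header is meaningless
    chain = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                              # malformed entry: fall back to the peer
        if not any(addr in net for net in trusted):
            return str(addr)
    return str(peer)


class LoginLimiter:
    """Minimal per-IP failure limiter; the resolver decides what 'IP' means."""

    def __init__(self, ip_resolver, limit=5):
        self.resolve = ip_resolver
        self.limit = limit
        self.failures = {}

    def attempt(self, environ, ok):
        ip = self.resolve(environ)
        if self.failures.get(ip, 0) >= self.limit:
            return "blocked"
        if not ok:
            self.failures[ip] = self.failures.get(ip, 0) + 1
        return "allowed"


def simulate_brute_force(resolver, guesses=20, limit=5):
    """Attacker at 203.0.113.9 (constructed) connects directly and sends a different
    X-Forwarded-For with every wrong guess; returns how many guesses reached the
    password check instead of being refused by the limiter."""
    limiter = LoginLimiter(resolver, limit)
    reached = 0
    for i in range(guesses):
        environ = {"REMOTE_ADDR": "203.0.113.9", "HTTP_X_FORWARDED_FOR": f"198.51.100.{i}"}
        if limiter.attempt(environ, ok=False) == "allowed":
            reached += 1
    return reached
```

With the vulnerable resolver all 20 guesses reach the password check; with the hardened one only the first 5 do, because the limiter keys on the real peer address. The same right-to-left walk also protects a deployment that sits behind a proxy, where REMOTE_ADDR alone would collapse every visitor onto the proxy's address.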
PT-2022-24376 · Safe · Fme Server
Name of the Vulnerable Software and Affected Versions: Safe Software FME Server versions prior to v2022.0.1.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page, specifically through a cross-site scripting XSS...
PT-2022-24560 · Transtek · Transtek Mojodat Fam
Name of the Vulnerable Software and Affected Versions: Transtek Mojodat FAM Fixed Asset Management version 2.4.6 Description: The issue allows remote attackers to fetch cleartext passwords upon a successful login request. This is related to the mobile application in Transtek Mojodat FAM...
How to block users from logging in to the VPN during non-working hours
This article provides a configuration sample for blocking users from logging in to the VPN during non-working hours...
PT-2022-10466 · Hitachi Energy · Txpert Hub Coretec 4
Name of the Vulnerable Software and Affected Versions: Hitachi Energy TXpert Hub CoreTec 4 versions 2.0.0 through 2.2.1 Description: A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the...
PT-2022-4982 · Linux Pam +2 · Linux-Pam +2
Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.5.2-6.1 Description: The issue is related to the pam_access.so module of the Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS...