Lucene search
K

63 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:31 a.m.3 views

SUSE CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 6:23 p.m.5 views

GO-2026-4520 Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server

Mattermost fails to properly validate login method restrictions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References4
CVE
CVE
added 2026/02/16 9:47 a.m.16 views

CVE-2026-0999

Technical details beyond the summary are not provided in the supplied documents. Monitor for updates from Mattermost advisory MMSA-2025-00548.

5.4CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2025/12/03 12:0 a.m.13 views

Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120

This module enables you to apply time-based login restrictions and display related warning or logout confirmation pages. The module doesn't sufficiently protect its confirmation routes from cross-site request forgery CSRF, allowing the logout confirmation route to be triggered without user...

8.1CVSS5.2AI score0.00135EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18221

Malware in sbrugna...

9.8CVSS7.6AI score0.01212EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-2153

Malware in sbrugna...

9.8CVSS9.2AI score0.01727EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-51869

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00332EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-33788

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00422EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-51868

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00218EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.10 views

CVE-2023-2282

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...

6.5CVSS7AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:3 a.m.11 views

CVE-2022-4536

The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...

5.3CVSS6.6AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 p.m.8 views

CVE-2022-4529

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can...

5.3CVSS6.6AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/26 12:0 a.m.6 views

Binary Vulnerability in H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technology Co.

Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A binary vulnerability exists in the H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technologies Limited, which can be exploited by attackers to bypass login restrictions...

7AI score
Exploits0
NVD
NVD
added 2024/12/16 8:15 a.m.16 views

CVE-2024-48872

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, and 9.5.x = 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being...

4.8CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/08 8:33 a.m.30 views

CVE-2022-4534 Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass

The Limit Login Attempts Spam Protection plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can suppl...

5.3CVSS0.00332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.6 views

PT-2024-32715 · Unknown · Shilpi Client Dashboard

Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard affected versions not specified Description: This issue is due to missing restrictions for incorrect login attempts on the API-based login of the Shilpi Client Dashboard. A remote attacker could exploit this by...

9.8CVSS6.9AI score0.00488EPSS
Exploits0References8
OSV
OSV
added 2024/09/19 4:15 a.m.6 views

CVE-2022-4533

The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2024/09/19 3:59 a.m.50 views

CVE-2022-4533

CVE-2022-4533 affects the WordPress plugin Limit Login Attempts Plus up to version 1.1.0. The vulnerability stems from insufficient restrictions on where the IP Address is retrieved for request logging and login restrictions, allowing an attacker to spoof the IP via the X-Forwarded-For header and...

5.3CVSS5.6AI score0.00218EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/09/05 11:15 a.m.5 views

CVE-2022-4529

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.10 views

PT-2024-11695 · WordPress · Security

Name of the Vulnerable Software and Affected Versions: Security, Antivirus, Firewall – S.A.F plugin for WordPress versions up to, and including, 2.3.5 Description: The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login...

5.3CVSS6.9AI score0.00228EPSS
Exploits0References6
Rows per page
Query Builder