
939 matches found

OSV
added 2026/02/25 2:24 a.m. | 4 views

CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1 CVSS | 5.5 AI score | 0.00307 EPSS
Exploits: 1 | References: 4
OSV
added 2026/02/24 4:39 p.m. | 4 views

CVE-2024-48928 Piwigo's secret key can be brute forced

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is...

6.9 CVSS | 5.6 AI score | 0.0026 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/03 12:00 a.m. | 4 views

PT-2026-5775

Name of the Vulnerable Software and Affected Versions: Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress versions prior to 2.19.18. Description: The Spectra Gutenberg Blocks plugin for WordPress is susceptible to information disclosure. The plugin does not verify...

5.3 CVSS | 5.4 AI score | 0.00346 EPSS
Exploits: 0 | References: 13
Positive Technologies
added 2026/01/12 12:00 a.m. | 4 views

PT-2026-2295

Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 7.1.0. Description: Lychee is a free, open-source photo-management tool. A flaw exists in the album password unlock functionality that could allow users to gain unauthorized access to other users' password-protected...

2.3 CVSS | 6.6 AI score | 0.00233 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/09 10:39 a.m. | 4 views

CVE-2022-35932

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...

5.3 CVSS | 6.9 AI score | 0.0105 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:11 a.m. | 11 views

CVE-2019-11092

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

4.4 CVSS | 6.4 AI score | 0.00252 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:28 a.m. | 6 views

CVE-2019-12756

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights...

2.3 CVSS | 6.7 AI score | 0.00303 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/31 9:12 a.m. | 2 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8 CVSS | 7 AI score | 0.00273 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/30 9:15 a.m. | 2 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8 CVSS | 5.8 AI score | 0.00273 EPSS
Exploits: 0 | References: 1
NVD
added 2025/12/30 9:15 a.m. | 4 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8 CVSS | 0.00273 EPSS
Exploits: 0 | References: 1
CVE
added 2025/12/30 8:48 a.m. | 6 views

CVE-2025-15102

CVE-2025-15102 impacts Delta Electronics DVP-12SE11T PLC. The vulnerability is a password protection bypass that can be exploited remotely without authentication, potentially allowing unauthorized access and manipulation of PLC functionality. Fixed via firmware updates in late December 2025. Conn...

9.8 CVSS | 6.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/11/04 6:43 p.m. | 4 views

CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

9.3 CVSS | 0.00432 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/14 9:46 a.m. | 2 views

CVE-2025-10720

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

6.5 CVSS | 7.1 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/13 12:31 p.m. | 3 views

EUVD-2025-34063

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

6.6 AI score | 0.00271 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/13 9:37 a.m. | 2 views

CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

6.7 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/10/13 9:37 a.m. | 8 views

CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

0.00271 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/13 9:37 a.m. | 10 views

CVE-2025-10720

CVE-2025-10720 stems from WP Private Content Plus (through version 3.6.2) relying on a client-side cookie for access control, allowing unauthenticated attackers to bypass password protection by manually setting the cookie. Multiple sources (NVD/NVD-enriched, Red Hat, CNNVD, EUVD, CIRCL sightings,...

6.5 CVSS | 6.7 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/13 12:00 a.m. | 3 views

PT-2025-41778

Name of the Vulnerable Software and Affected Versions: WP Private Content Plus versions through 3.6.2. Description: The software includes a content protection feature requiring a password, but the access control check relies solely on a client-side cookie. An unauthenticated attacker can bypass the...

6.9 AI score | 0.00271 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-17871

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.01122 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-24413

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.0149 EPSS
Exploits: 0 | References: 2