Lucene search
K

144 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.8 views

CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...

9.8CVSS7.1AI score0.01446EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.8 views

CVE-2019-19093

eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords...

6.5CVSS7.1AI score0.00832EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2021-3563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity...

7.4CVSS6.5AI score0.01319EPSS
Exploits1References3
NVD
NVD
added 2025/01/04 2:15 a.m.29 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5CVSS0.00341EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.5 views

PT-2025-4486 · Optimizely · Episerver.Cms.Core

Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0 Description: A medium-severity issue exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum...

7.5CVSS7.2AI score0.00341EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/01/04 12:0 a.m.32 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.8 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.6 views

Optimizely EPiServer.CMS.Core 安全漏洞

Optimizely EPiServer.CMS.Core is a content management system core from Optimizely, Inc. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.32.0 that stems from insufficient complexity of the required password...

7.5CVSS6.5AI score0.00341EPSS
Exploits0References1
CVE
CVE
added 2025/01/04 12:0 a.m.75 views

CVE-2025-22390

Optimizely EPiServer.CMS.Core prior to 12.32.0 contains a password- policy weakness where passwords as short as 6 characters may be set due to insufficient complexity enforcement. This vulnerability could enable offline cracking or password spraying in theory, given weak password requirements. Af...

7.5CVSS6.6AI score0.00341EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/11/26 7:15 p.m.27 views

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

8.8CVSS0.00536EPSS
Exploits0References1
CVE
CVE
added 2024/11/26 6:52 p.m.2797 views

CVE-2024-52008

Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...

8.8CVSS6.5AI score0.00536EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/08/16 7:15 p.m.11 views

CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...

9.8CVSS0.01446EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.7 views

PT-2024-30183 · Unknown · Silverpeas

Name of the Vulnerable Software and Affected Versions: Silverpeas versions 6.4.2 and lower Description: An issue in the password change function allows for the bypassing of password complexity requirements. Recommendations: For Silverpeas versions 6.4.2 and lower, update to a version that include...

9.8CVSS7.1AI score0.01446EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/08/16 12:0 a.m.11 views

CVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...

9.7AI score0.01446EPSS
Exploits1References2
CVE
CVE
added 2024/08/16 12:0 a.m.51 views

CVE-2024-42850

Silverpeas contains a vulnerability in the password-change flow (affecting v6.4.2 and earlier) that allows bypassing password complexity requirements. This is described across multiple sources (CVE-2024-42850, Red Hat/CVE, GHSA advisory, OSV) as a critical issue. Impact: bypass of password rules ...

9.8CVSS7.2AI score0.01446EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.3 views

Silverpeas 安全漏洞

Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas v6.4.2 and earlier versions that stems from a problem...

9.8CVSS6.5AI score0.01446EPSS
Exploits1References3
CISA
CISA
added 2024/08/08 12:0 p.m.7 views

Best Practices for Cisco Device Configuration

In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...

6.8AI score
Exploits0References3
NVD
NVD
added 2024/06/14 4:15 p.m.18 views

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...

6.3CVSS0.00301EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/14 12:0 a.m.13 views

CVE-2024-33373

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack...

7AI score0.00301EPSS
Exploits0References2
CVE
CVE
added 2024/06/14 12:0 a.m.49 views

CVE-2024-33373

The CVE-2024-33373 issue affects LB-LINK BL-W1210M v2.0 routers. The vulnerability allows bypassing password complexity requirements and setting single-digit passwords, enabling brute-force access to the device. Public documents consistently reference the router model and the authentication weakn...

6.3CVSS7.1AI score0.00301EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder