77 matches found
CVE-2026-8760
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
Security Bulletin: IBM® Db2® is vulnerable to users regaining access without admin help after account lockout (CVE-2025-33012)
Summary: IBM® Db2® is vulnerable to allowing an authenticated user to regain access after account lockout due to password use after expiration date. Vulnerability Details: CVEID: CVE-2025-33012. DESCRIPTION: IBM Db2 for Linux could allow an authenticated user to regain access after account lockout du...
IBM DB2 User to Regain Access After Account Lockout (7250469) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to...
CVE-2025-33012
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...
CVE-2025-33012 IBM Db2 improper account lockout
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...
PT-2025-45485
Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 10.5.0 through 10.5.11; IBM Db2 versions 11.1.0 through 11.1.4.7; IBM Db2 versions 11.5.0 through 11.5.9; IBM Db2 versions 12.1.0 through 12.1.3. Description: The software contains a flaw that may allow an authenticated user to...
EUVD-2004-0041
Malware in sbrugna...
EUVD-2011-4872
Malware in sbrugna...
EUVD-2021-19741
Malware in sbrugna...
EUVD-2021-2430
Malware in sbrugna...
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
...
CVE-2020-1940
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
CVE-2025-2291
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres's VALID UNTIL value, which allows an attacker to log in with an already expired password...
RHEL 5 : freeradius (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freeradius: Out-of-bounds write in rad_coalesce (CVE-2017-10979) - modules/rlm_unix/rlm_unix.c in FreeRADIUS...
answer access control error vulnerability (CNVD-2023-29700)
answer is an open source knowledge-based community software. An access control error vulnerability exists in versions of answer prior to 1.1.6, which stems from prolonged password expiration. An attacker could exploit the vulnerability to achieve account takeover...
SUSE CVE-2004-0041
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions...
SUSE CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password...
Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue
An issue in the Password Policy settings of Cisco Identity Services Engine (ISE) could allow an administrator to use expired credentials to gain access to the web management interface. When the Password Lifetime setting for the administrator password policy is used to set the password to expire, th...
Maddy Mail Server security vulnerability
Maddy Mail Server is a composable all-in-one mail server from the Russian individual developer Max Mazurov. A security vulnerability exists in maddy Mail Server versions prior to 0.5.4, which stems from not implementing password expiration or account expiration checks when using PAM for...