Lucene search
+L

458 matches found

Vulnrichment
Vulnrichment
added 2026/02/27 6:9 p.m.5 views

CVE-2026-27753 SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate...

6.9CVSS6AI score0.00328EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 6:9 p.m.16 views

CVE-2026-27753

CVE-2026-27753 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where an authentication bypass in the device management interface allows remote attackers to perform unlimited login attempts without account lockout or rate limiting. This network-vector vulnerability enables passwor...

6.9CVSS6AI score0.00328EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 4 : samba-3.6.9-168.AXS4.0.1 (AXSA:2014-176:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-176:02 advisory. CVE-2012-6150 The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group...

5CVSS7.7AI score0.10642EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/10 1:6 a.m.7 views

EUVD-2026-1884

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint /account/changepassword was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker...

6.9CVSS6.6AI score0.0022EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.6 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS6.8AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:30 p.m.5 views

EUVD-2025-203092

Apache StreamPark: Use the user’s password as the secret key Vulnerability...

5.9CVSS6.5AI score0.0022EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

WBCE CMS 安全漏洞

WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A security vulnerability exists in WBCE CMS version 1.6.4, which stems from a brute force protection bypass that could lead to unlimited password guessing attempts...

8.1CVSS6.7AI score0.00417EPSS
Exploits2References4
OSV
OSV
added 2025/12/08 11:50 p.m.6 views

CVE-2025-66204 WBCE CMS allows brute-force protection bypass using X-Forwarded-For header

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...

6.3CVSS6.9AI score0.00417EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/08 11:50 p.m.36 views

CVE-2025-66204 WBCE CMS allows brute-force protection bypass using X-Forwarded-For header

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...

6.3CVSS0.00417EPSS
Exploits2References3
Veracode
Veracode
added 2025/10/29 2:10 p.m.12 views

Timing Attack

Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.6 views

Moodle vulnerable to brute-force password guesses

Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...

7.5CVSS7.2AI score0.00385EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-12934

Malware in sbrugna...

7.5CVSS7.6AI score0.00397EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-1999-1010

Malware in sbrugna...

7.5CVSS6.4AI score0.01571EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9941

Malware in sbrugna...

9.8CVSS9.5AI score0.0223EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-4296

Malware in sbrugna...

6.8CVSS6.1AI score0.027EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-2007

Malware in sbrugna...

2.1CVSS6.4AI score0.0196EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-0924

Malware in sbrugna...

7.5CVSS6.4AI score0.07741EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0433

Malware in sbrugna...

5CVSS6.4AI score0.01987EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-28650

Malware in sbrugna...

7.5CVSS7.5AI score0.01484EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-3269

Malware in sbrugna...

10CVSS6.1AI score0.02607EPSS
Exploits0References8
Rows per page
Query Builder