458 matches found
CVE-2026-27753 SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate...
CVE-2026-27753
CVE-2026-27753 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where an authentication bypass in the device management interface allows remote attackers to perform unlimited login attempts without account lockout or rate limiting. This network-vector vulnerability enables passwor...
MiracleLinux 4 : samba-3.6.9-168.AXS4.0.1 (AXSA:2014-176:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-176:02 advisory. CVE-2012-6150 The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group...
EUVD-2026-1884
OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint /account/changepassword was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker...
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
EUVD-2025-203092
Apache StreamPark: Use the user’s password as the secret key Vulnerability...
WBCE CMS 安全漏洞
WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A security vulnerability exists in WBCE CMS version 1.6.4, which stems from a brute force protection bypass that could lead to unlimited password guessing attempts...
CVE-2025-66204 WBCE CMS allows brute-force protection bypass using X-Forwarded-For header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...
CVE-2025-66204 WBCE CMS allows brute-force protection bypass using X-Forwarded-For header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
Moodle vulnerable to brute-force password guesses
Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
EUVD-2021-12934
Malware in sbrugna...
EUVD-1999-1010
Malware in sbrugna...
EUVD-2016-9941
Malware in sbrugna...
EUVD-2008-4296
Malware in sbrugna...
EUVD-2002-2007
Malware in sbrugna...
EUVD-2000-0924
Malware in sbrugna...
EUVD-2005-0433
Malware in sbrugna...
EUVD-2020-28650
Malware in sbrugna...
EUVD-2007-3269
Malware in sbrugna...