Lucene search
K

355 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.12 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.6 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 1:37 p.m.8 views

EUVD-2026-40324

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:41 p.m.6 views

CVE-2026-54092

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/20 3:24 p.m.12 views

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/14 5:21 p.m.9 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/12 9:51 p.m.15 views

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

6.5CVSS5.3AI score0.00484EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/06/12 9:51 p.m.12 views

GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

8.7CVSS5.3AI score0.00484EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49065

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description Lack of maximum length validation for passwords allows an arbitrarily large string to be passed into the login API. When a large password is submitted, the CheckPwd function in users/password.g...

6.5CVSS5.8AI score0.00484EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

9.1CVSS5.8AI score0.00237EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/29 5:42 p.m.20 views

CVE-2026-44611 MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

5.9CVSS5.8AI score0.00141EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.10 views

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

9.1CVSS7.2AI score0.00466EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 6:27 p.m.9 views

USN-8309-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

9.1CVSS7.2AI score0.00466EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/26 6:27 p.m.95 views

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

9.1CVSS5.8AI score0.00466EPSS
Exploits0
OSV
OSV
added 2026/05/16 1:36 a.m.8 views

CLSA-2026-1778895374 Fix CVE(s): CVE-2026-7598

SECURITY UPDATE: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - debian/patches/CVE-2026-7598.patch: Fix integer overflow in userauthpassword usernamelen/passwordlen bounds checks - CVE-2026-7598...

9.1CVSS5.9AI score0.00466EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/14 7:22 p.m.13 views

libssh2: Fix of CVE-2026-7598

CVE-2026-7598: add usernamelen/passwordlen bounds checks in userauthlist and userauthpassword to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...

9.1CVSS7.2AI score0.00466EPSS
Exploits0
Snyk
Snyk
added 2026/05/01 11:28 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the userauthpassword function in userauth.c. An attacker can cause memory corruption or potentially execute arbitrary code by sending specially crafted values for usernamelen or passwordlen remotely...

9.1CVSS6.2AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 10:16 p.m.8 views

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

9.1CVSS0.00466EPSS
Exploits0References11
CVE
CVE
added 2026/05/01 9:30 p.m.137 views

CVE-2026-7598

CVE-2026-7598 affects libssh2 up to 1.11.1. The vulnerability resides in userauth_password in src/userauth.c, where manipulation of username_len/password_len can trigger an integer overflow in the SSH USERAUTH_REQUEST buffer. Exploitation is described as potentially remote. A patch is available (...

9.1CVSS7AI score0.00466EPSS
Exploits0References11Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/01 9:30 p.m.10 views

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

9.1CVSS6.9AI score0.00466EPSS
Exploits0References11
Rows per page
Query Builder