Lucene search

54 matches found

ATTACKERKB
added 2026/04/15 7:4 p.m. | 5 views

CVE-2026-6312

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-8649

Malware in sbrugna...

CVSS 7.4 | AI score 6.7 | EPSS 0.02301
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-32059

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00491
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2021-7836

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.5 | EPSS 0.00962
Exploits: 0 | References: 2

CNNVD
added 2025/03/26 12:0 a.m. | 4 views

Devolutions Remote Desktop Manager Security Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25 and 2024.3.29 and earlier, which stems from improper...

CVSS 3.6 | AI score 7 | EPSS 0.00164
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-15115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of on...

CVSS 7.5 | AI score 7.2 | EPSS 0.01342
Exploits: 0 | References: 3

Pen Test Partners Blog
added 2025/02/18 6:31 a.m. | 19 views

Watch where you point that cred! Part 1

TL;DR Poorly protected authentication requests from privileged automated tasks e.g. vulnerability scanners, health checks could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, overly broad privileges and scopes, as well as poor network...

AI score 8.1
Exploits: 0

The Hacker News
added 2025/02/10 11:0 a.m. | 16 views

Don't Overlook These 6 Critical Okta Security Configurations

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With...

AI score 7.5
Exploits: 0

Schneier on Security
added 2024/11/15 12:5 p.m. | 10 views

Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson's work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistak...

AI score 7.4
Exploits: 0

NVD
added 2024/10/17 3:15 p.m. | 17 views

CVE-2024-9683

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the...

CVSS 5.3 | EPSS 0.00288
Exploits: 0 | References: 2

Positive Technologies
added 2024/10/17 12:0 a.m. | 9 views

PT-2024-39760 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overa...

CVSS 5.3 | AI score 7.2 | EPSS 0.00288
Exploits: 0 | References: 7

The Hacker News
added 2024/10/11 11:0 a.m. | 45 views

How Hybrid Password Attacks Work and How to Defend Against Them

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods,...

AI score 7.4
Exploits: 0

NVD
added 2024/07/26 12:15 p.m. | 29 views

CVE-2024-41686

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating passwords that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this...

CVSS 7.3 | EPSS 0.00157
Exploits: 0 | References: 2

NVD
added 2024/05/14 3:18 p.m. | 12 views

CVE-2024-2257

This vulnerability exists in Digisol Router DG-GR1321: Hardware version 3.7L; Firmware version: v3.2.02 due to improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined security standards/policy on the...

CVSS 9.1 | AI score 6.4 | EPSS 0.01026
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/13 9:17 a.m. | 16 views

CVE-2024-3263 Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

CVSS 9.8 | AI score 7.2 | EPSS 0.00795
Exploits: 0 | References: 2

Cvelist
added 2024/05/13 9:17 a.m. | 22 views

CVE-2024-3263 Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

CVSS 9.8 | AI score 9.7 | EPSS 0.00795
Exploits: 0 | References: 2

CVE
added 2024/05/13 9:17 a.m. | 49 views

CVE-2024-3263

CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7. There are no explicit exploitation details or public in-the-wild exploit information provide...

CVSS 9.8 | AI score 7 | EPSS 0.00795
Exploits: 0 | References: 2

CVE
added 2024/05/10 1:26 p.m. | 34 views

CVE-2024-2257

Summary of CVE-2024-2257 (Digisol Router DG-GR1321): The vulnerability affects Digisol Router DG-GR1321 (hardware version 3.7L; firmware v3.2.02). It arises from improper implementation of password policies, enabling an attacker with physical access to craft passwords that do not conform to the ...

CVSS 9.1 | AI score 6.7 | EPSS 0.01026
Exploits: 0 | References: 1

Hacker One
added 2024/03/29 9:42 a.m. | 8 views

passhash: Potential DoS due to PasswordPoliciesNotMet in errors.go

Summary: Possible DoS depending on amount of PasswordPolicyError instances that can be created in a short time type PasswordPoliciesNotMet struct UnMetPasswordPolicies PasswordPolicyError func e PasswordPoliciesNotMet Error string errorStrs := makestring, 0, lene.UnMetPasswordPolicies for , ppe :...

AI score 5.9
Exploits: 0

Wallarm Lab
added 2024/02/01 12:23 a.m. | 18 views

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential...

AI score 7.8
Exploits: 0