Lucene search
K

278 matches found

NVD
NVD
added 2025/10/31 9:15 a.m.8 views

CVE-2025-12094

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

5.3CVSS0.0031EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 8:25 a.m.7 views

CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/31 8:25 a.m.5 views

EUVD-2025-37313

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments No CAPTCHA plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

5.3CVSS5.7AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2025/10/30 3:2 p.m.6 views

GO-2025-4051 Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server

Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server...

7.5CVSS7.1AI score0.00891EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/29 7:41 p.m.2 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...

9.8CVSS7AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/29 7:41 p.m.4 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...

9.8CVSS7AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/23 9:31 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by sending specially crafted JSON payloads that bypass rate limiting. Note: This is...

8.7CVSS6.7AI score0.00697EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/23 9:31 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/http is an a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by...

8.7CVSS6.7AI score0.00697EPSS
Exploits0References2
OSV
OSV
added 2025/10/23 9:31 p.m.6 views

GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5CVSS6.8AI score0.00517EPSS
Exploits0References5
NVD
NVD
added 2025/10/23 8:15 p.m.8 views

CVE-2025-12044

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5CVSS0.00517EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/10/23 7:14 p.m.6 views

Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Summary Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 which allowed for processing JSON payloads before applying rate limits. This vulnerability,...

7.5CVSS7.1AI score0.00517EPSS
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2025/10/21 12:0 a.m.6 views

Forward to Hell? on the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks

The DNS infrastructure is infamous for facilitating reflective amplification attacks. Various countermeasures such as server shielding, access control, rate limiting, and protocol restrictions have been implemented. Still, the threat remains throughout the deployment of DNS servers. In this paper...

7AI score
Exploits0
NVD
NVD
added 2025/10/20 1:15 p.m.5 views

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...

7.1CVSS0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19486

Malware in sbrugna...

5.3CVSS5.2AI score0.01374EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5448

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24637

Malicious code in bioql PyPI...

6.3CVSS4.8AI score0.00636EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-27702

Malicious code in bioql PyPI...

6.3CVSS8.3AI score0.7275EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0650

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00902EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-30935

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00889EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52780

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00571EPSS
Exploits0References2
Rows per page
Query Builder