Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 5:3 p.m.8 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

9.8CVSS6.1AI score0.00764EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-35731

Name of the Vulnerable Software and Affected Versions nginx-ui versions prior to 2.3.8 Description An authentication bypass exists in the backup restore functionality. During the first 10 minutes after a fresh installation or any process restart, the 'POST /api/restore' endpoint is completely...

9.8CVSS6AI score0.00764EPSS
Exploits1References20
Vulnrichment
Vulnrichment
added 2025/12/16 9:20 a.m.5 views

CVE-2025-14002 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

8.1CVSS6.2AI score0.00441EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/17 4:52 p.m.7 views

CVE-2025-35432 CISA Thorium does not rate limit account verification email messages

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes...

6.9CVSS0.00528EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/17 4:52 p.m.6 views

CVE-2025-35432 CISA Thorium does not rate limit account verification email messages

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes...

6.9CVSS6.6AI score0.00528EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/01/20 3:10 a.m.4 views

SUSE CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

3.7CVSS6.9AI score0.00452EPSS
Exploits0References3
OSV
OSV
added 2021/08/08 8:15 p.m.1 views

UBUNTU-CVE-2021-38207

drivers/net/ethernet/xilinx/lltemacmain.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service buffer overflow and lockup by sending heavy network traffic for about ten minutes...

7.5CVSS6.8AI score0.03354EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2019/02/06 7:36 a.m.2 views

How to Delete Accidentally Sent Messages, Photos on Facebook Messenger

Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat? Of course, you have. We have all been through drunk texts and embarrassing...

6.7AI score
Exploits0
OSV
OSV
added 2018/04/16 9:29 p.m.3 views

CVE-2018-10070

A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The...

7.5CVSS5.8AI score0.12987EPSS
Exploits5References2
Rows per page
Query Builder