Lucene search
K

14 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.37 views

Strapi 安全漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...

6.9CVSS6AI score0.00492EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/23 6:16 p.m.3 views

Reliance on Untrusted Inputs in a Security Decision

Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

6.9CVSS5.9AI score0.00328EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/23 6:16 p.m.2 views

Reliance on Untrusted Inputs in a Security Decision

Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

6.9CVSS5.9AI score0.00328EPSS
Exploits1References3
OSV
OSV
added 2026/03/19 10:7 p.m.7 views

CVE-2026-32025 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

7.5CVSS6AI score0.00294EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.6 views

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS6AI score0.003EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/10 10:43 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...

6.9CVSS6.4AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54379

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.6 views

CVE-2020-11123

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting users lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2025/04/14 8:15 a.m.4 views

CVE-2025-3556

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...

8.1CVSS4.5AI score0.00872EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/04/09 11:20 a.m.20 views

CVE-2024-45551

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

6.2CVSS6.9AI score0.00108EPSS
Exploits0References3
NVD
NVD
added 2025/04/07 11:15 a.m.7 views

CVE-2024-45551

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...

6.2CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2025/04/07 10:15 a.m.48 views

CVE-2024-45551

CVE-2024-45551 targets Qualcomm closed‑source components (Gatekeeper) and describes a cryptographic issue during PIN/password verification. The vulnerability arises when RPMB writes can be dropped on verification failure, potentially enabling a user throttling bypass. The available sources confir...

6.2CVSS6.6AI score0.00108EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/14 8:15 p.m.3 views

UBUNTU-CVE-2024-10394

A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...

8.4CVSS7.1AI score0.00202EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/11/09 3:15 p.m.2 views

CVE-2021-43183

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed...

9.8CVSS7.2AI score0.01143EPSS
Exploits0References2
Rows per page
Query Builder