14 matches found
Strapi 安全漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...
Reliance on Untrusted Inputs in a Security Decision
Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...
Reliance on Untrusted Inputs in a Security Decision
Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...
CVE-2026-32025 OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass
OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
EUVD-2024-54379
Malicious code in bioql PyPI...
CVE-2020-11123
u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting users lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...
CVE-2025-3556
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...
CVE-2024-45551
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...
CVE-2024-45551
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass...
CVE-2024-45551
CVE-2024-45551 targets Qualcomm closed‑source components (Gatekeeper) and describes a cryptographic issue during PIN/password verification. The vulnerability arises when RPMB writes can be dropped on verification failure, potentially enabling a user throttling bypass. The available sources confir...
UBUNTU-CVE-2024-10394
A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2021-43183
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed...