
13 matches found

RedhatCVE
added 2026/06/05 7:48 p.m. · 9 views

CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

CVSS 8.8 · AI score 5.5 · EPSS 0.00181
Exploits: 0 · References: 1

RedhatCVE
added 2026/06/05 7:27 p.m. · 10 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3 · AI score 5.5 · EPSS 0.00218
Exploits: 1 · References: 1

CVE
added 2026/06/03 12:0 a.m. · 9 views

CVE-2026-36607

Mercusys AC12G (EU) V1 router, firmware AC12G(EU)_V1_200909, is affected by CVE-2026-36607. The TDDP password change endpoint (code=10) allows unauthenticated brute-force attempts without rate limiting, unlike the login endpoint (code=7). An attacker on an adjacent network can attempt unlimited p...

CVSS 8.8 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 1

Vulnrichment
added 2026/06/03 12:0 a.m. · 8 views

CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 1

EUVD
added 2026/06/03 12:0 a.m. · 9 views

EUVD-2026-34146

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

CVSS 8.8 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 1

ATTACKERKB
added 2026/04/21 10:21 p.m. · 7 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3 · AI score 5.8 · EPSS 0.00218
Exploits: 1 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/12/05 8:32 p.m. · 5 views

CVE-2025-12995

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

CVSS 9.8 · AI score 7.1 · EPSS 0.00281
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/01 5:19 p.m. · 10 views

CVE-2025-8679 ExtremeGuest Essentials Captive Portal Unauthenticated Brute Force

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and...

CVSS 7.6 · AI score 6.5 · EPSS 0.00319
Exploits: 0 · References: 1

CNNVD
added 2024/11/12 12:0 a.m. · 2 views

SAP NetWeaver AS Security Vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but also serves as the basic platform for SAP software. A security vulnerability exists in SAP NetWeaver AS version 7.5 that originates from a vulnerability that allows an unauthenticated...

CVSS 5.3 · AI score 6.7 · EPSS 0.00298
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/16 12:0 a.m. · 4 views

PT-2024-19414 · Dell · Dell Recoverpoint For Virtual Machines

Name of the Vulnerable Software and Affected Versions: Dell RecoverPoint for Virtual Machines versions 5.3.x through 6.0.SP1 Description: The issue allows an unauthenticated remote attacker to launch a brute force attack or a dictionary attack against the RecoverPoint login form, enabling them to...

CVSS 9.8 · AI score 7 · EPSS 0.00458
Exploits: 0 · References: 6

VulnCheck KEV
added 2023/08/29 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...

CVSS 9.1 · AI score 7.3 · EPSS 0.21583
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-11852 · WordPress · Wps Hide Login

Name of the Vulnerable Software and Affected Versions: WPS Hide Login plugin for WordPress versions up to, and including, 1.5.4.2 Description: The issue allows unauthenticated attackers to brute force credentials on sites, even when the plugin settings are set to hide the login page. This enables...

CVSS 7.5 · AI score 7.5 · EPSS 0.00777
Exploits: 1 · References: 6

OSV
added 2018/04/13 1:29 p.m. · 3 views

CVE-2018-5506

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1