Lucene search
K

18 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 5:41 p.m.6 views

CVE-2026-54092

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 5:41 p.m.22 views

CVE-2026-54092

CVE-2026-54092 affects File Browser before v2.63.6, where the login API at /api/login does not enforce a maximum password length. An arbitrarily long password can be submitted, causing excessive CPU/memory usage and potential container/logs instability, with reports of Docker daemon errors (500) ...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 9:51 p.m.7 views

GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

8.7CVSS5.3AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 9:51 p.m.14 views

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

6.5CVSS5.3AI score0.00484EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.7 views

pgAdmin 安全漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability. This vulnerability stemmed from improper restrictions on authentication attempts, which could allow attackers to bypass...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22603

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint /account/changepassword was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker...

6.9CVSS7.1AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 4:15 p.m.6 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/10 12:28 a.m.5 views

CVE-2025-66204

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...

8.1CVSS6.9AI score0.00417EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.9 views

PT-2025-49680

Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.5 Description WBCE CMS is a content management system susceptible to a brute-force protection bypass. An attacker can reset the attempt counter by manipulating the X-Forwarded-For header with each request, enabli...

8.1CVSS6.7AI score0.00417EPSS
Exploits2References9
OSV
OSV
added 2024/06/11 7:16 p.m.6 views

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

6.5CVSS5.9AI score0.00358EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.13 views

CODESYS Development System Security Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A security vulnerability exists in CODESYS Development System versions prior to 3.5.19.20, which stem...

3.3CVSS6.8AI score0.0014EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/01 8:15 p.m.5 views

CVE-2023-33754

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials...

6.5CVSS6.6AI score0.00656EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.4 views

PT-2022-26192 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.7 Nextcloud Server versions prior to 25.0.0 Description: The issue affects Nextcloud Server, an open source personal cloud server, where prior to versions...

8.1CVSS4.8AI score0.00846EPSS
Exploits2References19
Cvelist
Cvelist
added 2020/10/05 1:15 p.m.30 views

CVE-2020-8228

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...

6.8AI score0.01906EPSS
Exploits1References3
OSV
OSV
added 2017/06/30 3:29 a.m.5 views

CVE-2017-7898

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

9.8CVSS5.8AI score0.0511EPSS
Exploits0References2
OSV
OSV
added 2016/09/18 2:59 a.m.6 views

CVE-2016-0922

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack...

9.8CVSS5.8AI score0.015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/08/16 12:0 a.m.168 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3061-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3061-1 advisory. Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could...

7.8CVSS6.9AI score0.88944EPSS
Exploits17References3
CERT
CERT
added 2001/05/01 12:0 a.m.16 views

Microsoft Windows 2000 Workstation in mixed-mode domain may ignore domain account lockout restriction due to flaw in NTLM authentication

Overview A flaw in certain configurations of Windows 2000 can allow an intruder to make an unlimited number of guesses to attempt to determine a password, despite policies intended to limit the number of guesses. Description Domain administrators can set policies governing certain aspects of...

6.8AI score
Exploits0References3
Rows per page
Query Builder