Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via the authentication process in the Userpass or LDAP systems. An attacker can circumvent intended user lockout protections by exploiting differences in user entity alias attribution between pre-flight and full login...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to the way the provided TOTP code is validated during login MFA. An attacker can gain unauthorized access to sensitive data by bypassing internal rate limiting and reusing existing TOTP codes by including whitespace in the TOTP...
PT-2024-18918 · Fastecdsa · Fastecdsa
Name of the Vulnerable Software and Affected Versions: fastecdsa versions prior to 2.3.2 Description: The issue is related to the use of an uninitialized variable on the stack, specifically via the curvemath_mul function in src/curveMath.c. This variable is used and interpreted as a user-defined...
Use of Uninitialized Variable
Overview fastecdsa is a Python package for doing fast elliptic curve cryptography, specifically digital signatures. Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted a...
PT-2020-15354 · Jenkins · Jenkins Logstash Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Logstash Plugin versions 2.3.1 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. This potentially results in their exposure through...
PT-2019-7686 · WordPress · Aryo-Activity-Log
Name of the Vulnerable Software and Affected Versions: aryo-activity-log plugin versions prior to 2.3.2 for WordPress Description: The issue is related to a Cross-Site Scripting (XSS) problem. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website...