42 matches found
PT-2026-60799
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...
CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion
Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...
CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...
CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...
CVE-2026-44367
Klaw (self-service Apache Kafka Topic Management/Governance tool) is affected prior to v2.10.4 by inconsistent case-sensitivity handling in user registration and login, enabling targeted DoS and complete account lockout. Root cause: username case handling leads to lockout conditions. Impact: Deni...
EUVD-2021-14523
Malware in sbrugna...
EUVD-2019-19074
Malware in sbrugna...
EUVD-2025-23396
Malicious code in bioql PyPI...
EUVD-2023-2025
Malicious code in bioql PyPI...
SUSE CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
PT-2025-32380 · Openbao · Openbao
Name of the Vulnerable Software and Affected Versions: OpenBao versions 0.1.0 through 2.3.1 Description: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP authentication systems. This was caused by different aliasing between pre-flight and full login...
BIT-VAULT-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6004
A flaw was found in github.com/hashicorp/vault. The user lockout feature for Userpass and LDAP authentication methods can be bypassed, allowing an attacker to circumvent account lockout restrictions. This circumvention occurs without requiring prior authentication or knowledge of user credentials...
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6004
CVE-2025-6004 describes a bypass of Vault’s user lockout feature for Userpass and LDAP authentication. Root cause details are not fully enumerated in the provided docs, but fixes are stated: Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23 address the issue...
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...