228 matches found
EUVD-2025-203432
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
UBUNTU-CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
PT-2025-49195
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
PT-2025-47629
Name of the Vulnerable Software and Affected Versions weijiang1994 university-bbs aka Blogin versions prior to commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13 Description The software contains a flaw due to a weak verification code generation mechanism and a lack of rate limiting. This...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
CVE-2025-63807
An issue was discovered in weijiang1994 university-bbs aka Blogin in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 2025-01-13. A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
CVE-2025-63807
CVE-2025-63807 affects the weijiang1994 university-bbs (aka Blogin). The weakness is a weak verification code generation mechanism together with missing rate limiting, enabling brute-force attempts on verification codes without authentication. Successful exploitation may lead to account takeover ...
EUVD-2025-35889
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717
CVE-2025-62717 affects Emlog Pro 2.5.23, where a clearing-logic error in session verification code allows reuse of verification codes. The issue has a fix in commit 1f726df. Remediation: upgrade to a version including the fix (per the cited advisories). If upgrading is not possible, apply the pat...
EUVD-2019-18297
Malware in sbrugna...
EUVD-2021-2409
Malware in sbrugna...
EUVD-2014-4492
Malware in sbrugna...
EUVD-2018-3581
Malware in sbrugna...