Lucene search
K

9 matches found

EUVD
EUVD
added 2026/04/22 6:30 a.m.4 views

EUVD-2026-24607

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.7AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34250

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.7AI score0.00215EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 8:44 p.m.2 views

GHSA-77XJ-RRH3-WX3V `time_calibrator` was removed from crates.io due to malicious code

It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...

6AI score
Exploits0References1
RustSec
RustSec
added 2026/03/03 12:0 p.m.5 views

`time_calibrator` was removed from crates.io due to malicious code

It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/03 10:38 a.m.5 views

[updated] A fake cloud storage alert that ends at Freecash

Last week we talked about an app that promises users they can make money testing games, or even just by scrolling through TikTok. Imagine our surprise when we ended up on a site promoting that same Freecash app while investigating a “cloud storage” phish. We’ve all probably seen one of those...

5.2AI score
Exploits0
OSV
OSV
added 2022/01/09 2:46 a.m.2 views

GSD-2022-1000007 colors.js 1.4.1 has an infinite loop added by the primary developer

colors.js had an infinite loop added by the primary developer in version 1.4.1 and 6.6.6 which was released on GitHub and NPM which reports it as having 3,179 dependent packages that rely upon it. Additionally the GitHub repo was wiped of all files. This appears to have been done intentionally in...

7.1AI score
Exploits0
NCSC
NCSC
added 2021/06/24 12:0 a.m.3 views

Vulnerability fixed in MediaWiki

A vulnerability has been fixed in MediaWiki. The vulnerability allows an authenticated remote malicious person to delete delete pages while the account is locked. MediaWiki has released new versions to fix the vulnerability. fix. More information can be found on the page below:...

7.5CVSS6.5AI score0.01943EPSS
Exploits1
Cvelist
Cvelist
added 2017/07/14 2:0 p.m.22 views

CVE-2017-10604 Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operatio...

5.3CVSS5.6AI score0.00877EPSS
Exploits0References2
NVD
NVD
added 2005/12/31 5:0 a.m.11 views

CVE-2005-4764

BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service blocked admin logins...

7.8CVSS6.9AI score0.01612EPSS
Exploits0References3
Rows per page
Query Builder