10 matches found

Vulnrichment
added 2026/04/21 2:10 p.m. · 2 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/27 9:23 p.m. · 2 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.8 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 1
CVE
added 2026/01/26 5:40 p.m. · 10 views

CVE-2026-24436

The CVE-2026-24436 entry affects Shenzhen Tenda W30E V2 firmware and is caused by the device failing to enforce rate limiting or account lockout on authentication endpoints through V16.01.0.19(5037) and earlier. This enables unrestricted brute-force attempts against administrative credentials, im...

9.8 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/01/26 5:40 p.m. · 22 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS · 0.00045 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/01/26 12:0 a.m. · 2 views

PT-2026-4793

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/01/23 6:19 a.m. · 3 views

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints...

9.8 CVSS · 5.5 AI score · 0.00037 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/01/22 1:42 a.m. · 1 views

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints...

9.3 CVSS · 5.3 AI score · 0.00037 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-15819 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpIPAM version 1.5.1 Description: The issue allows an attacker to bypass the IP block mechanism, enabling brute force attacks on user accounts, including the admin account, by utilizing the 'X-Forwarded-For' header. This is due to the get us...

5.9 CVSS · 7.3 AI score · 0.00026 EPSS
Exploits 1 · References 8
Exploit DB
added 2009/12/11 12:0 a.m. · 46 views

oBlog - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Brute Force

Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic Vulnerabilities: Persistent XSS, CSRF,...

7.4 AI score
Exploits 0
exploitpack
added 2009/12/11 12:0 a.m. · 30 views

oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force

Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip...

Exploits 0