Lucene search
K

138 matches found

Veracode
Veracode
added 2025/10/14 7:19 a.m.6 views

Brute-Force Attack

ethycafides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...

6.5CVSS7.3AI score0.00277EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5245

Malware in sbrugna...

9.8CVSS9.5AI score0.01462EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-1501

Malware in sbrugna...

7.5CVSS7.6AI score0.02157EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.13 views

PT-2025-36508

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...

6.5CVSS6AI score0.00277EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 p.m.12 views

CVE-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.5CVSS7AI score0.02157EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.10 views

CVE-2019-13983

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php...

9.8CVSS6.9AI score0.01462EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:51 a.m.18 views

BIT-ARGO-CD-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.5CVSS7.6AI score0.02157EPSS
Exploits1References4
Veracode
Veracode
added 2021/07/28 5:7 a.m.8 views

Insecure Access Controls

github.com/argoproj/argo-cd uses insecure access controls. The Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-brute-force measures. An attacker is able to repeatedly perform authentication attempts to discover user credentials...

7.5CVSS6.8AI score0.02157EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/07/26 9:19 p.m.26 views

GHSA-XCQR-9H24-VRGW Improper Restriction of Excessive Authentication Attempts in Argo API

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...

7.5CVSS7.6AI score0.02157EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2021/07/26 9:19 p.m.73 views

Improper Restriction of Excessive Authentication Attempts in Argo API

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...

7.5CVSS7.5AI score0.02157EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/07/26 12:0 a.m.35 views

Improper Restriction of Excessive Authentication Attempts

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.5CVSS4AI score0.02157EPSS
Exploits1References9Affected Software1
Akamai Blog
Akamai Blog
added 2020/10/13 10:0 p.m.52 views

API Discovery and Profiling -- Visibility to Protection

APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...

0.4AI score
Exploits0
CNVD
CNVD
added 2020/04/09 12:0 a.m.3 views

Argo Authorization Issue Vulnerability (CNVD-2020-27456)

Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program not implementing anti-automation protections. An attacker could use this vulnerability to brute-force break the administrator password...

7.5CVSS6.9AI score0.02157EPSS
Exploits1References1
NVD
NVD
added 2020/04/08 8:15 p.m.29 views

CVE-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.5CVSS7.7AI score0.02157EPSS
Exploits1References4
OSV
OSV
added 2020/04/08 8:15 p.m.26 views

CVE-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.5CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2020/04/08 8:15 p.m.22 views

Authentication flaw

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

5CVSS7.7AI score0.02157EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/04/08 7:43 p.m.79 views

CVE-2020-8827

Argo CD is affected by a rate-limiting/brute-force vulnerability built on a weak, cache-based login attempt tracker. Prior to versions 2.8.13, 2.9.9, and 2.10.4, attackers can overflow the per-user login-attempt cache, bypass rate limits, and escalate brute-force attempts against the default admi...

7.5CVSS7.6AI score0.02157EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/04/08 7:43 p.m.38 views

CVE-2020-8827

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

7.7AI score0.02157EPSS
Exploits1References4
OSV
OSV
added 2019/07/19 3:15 p.m.20 views

CVE-2019-13983

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php...

9.8CVSS6.9AI score
Exploits0References2
CVE
CVE
added 2019/07/19 2:17 p.m.102 views

CVE-2019-13983

Directus 7 API before 2.2.2 is affected by insufficient anti-automation due to lack of CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. This creates a risk of automated login attempts (brute force). The evidence across multiple sources confirms the vulnerability in Direct...

9.8CVSS9.4AI score0.01462EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder