192497 matches found

Vulnrichment
added 2026/02/03 2:32 p.m., 3 views

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

AI score: 5.5, EPSS: 0.00713
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/03 2:32 p.m., 7 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

AI score: 5.5, EPSS: 0.00713
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/02/03 2:32 p.m., 32 views

CVE-2025-13473

CVE-2025-13473 affects Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The vulnerability lies in django.contrib.auth.handlers.modwsgi.check_password(), where authentication via mod_wsgi can allow remote attackers to enumerate users via a timing attack. Earlier/unsupported serie...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00713
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/02/03 2:32 p.m., 27 views

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

EPSS: 0.00713
Exploits: 0, References: 3

AlpineLinux
added 2026/02/03 2:32 p.m., 6 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00713
Exploits: 0

RedhatCVE
added 2026/02/03 2:7 p.m., 6 views

CVE-2025-61641

A flaw was found in MediaWiki. A remote attacker can exploit this vulnerability without requiring user interaction or privileges. This issue, associated with the includes/api/ApiQueryAllPages.php program file, may lead to a low impact Denial of Service (DoS). Mitigation: Mitigation for this issue is...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00272
Exploits: 0, References: 2

RedhatCVE
added 2026/02/03 2:7 p.m., 6 views

CVE-2025-6593

A flaw was found in MediaWiki. A remote attacker, by enticing a user to interact with malicious content, could potentially exploit a vulnerability in the includes/user/User.php file. This could lead to the disclosure of limited sensitive information. Mitigation: Mitigation for this issue is either...

CVSS: 2.1, AI score: 5.1, EPSS: 0.00396
Exploits: 0, References: 2

RedhatCVE
added 2026/02/03 2:4 p.m., 7 views

CVE-2025-6591

A flaw was found in MediaWiki, specifically within the ApiFeedContributions.php program file. This vulnerability could potentially be exploited by a remote attacker with high privileges, requiring user interaction. Mitigation: Mitigation for this issue is either not available or the currently...

AI score: 5.2, EPSS: 0.00393
Exploits: 0, References: 2

OSV
added 2026/02/03 2:0 p.m., 3 views

UBUNTU-CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00713
Exploits: 0, References: 4

UbuntuCve
added 2026/02/03 2:0 p.m., 8 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00713
Exploits: 0, References: 3

OSV
added 2026/02/03 11:37 a.m., 6 views

CLSA-2026-1770118623 java-1.8.0-openjdk: Fix of CVE-2026-21945

Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash (DoS)...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00864
Exploits: 0, References: 1

UbuntuCve
added 2026/02/03 11:15 a.m., 6 views

CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVSS: 7.8, AI score: 6, EPSS: 0.00251
Exploits: 0, References: 4

Vulnrichment
added 2026/02/03 10:52 a.m., 5 views

CVE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00251
Exploits: 0, References: 3

Veracode
added 2026/02/03 8:16 a.m., 4 views

Improper TLS Certificate Validation

github.com/neuvector/neuvector is vulnerable to improper TLS certificate validation. The vulnerability is due to TLS verification not being enforced by default for OpenID Connect authentication, which allows an attacker to perform man-in-the-middle (MITM) attacks by intercepting or tampering with...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00321
Exploits: 0, References: 4, Affected Software: 1

Securelist
added 2026/02/03 8:10 a.m., 29 views

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. Introduction: On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...

AI score: 6.2
Exploits: 0

NVD
added 2026/02/03 3:15 a.m., 8 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its...

CVSS: 6.3, EPSS: 0.00156
Exploits: 0, References: 1

CVE
added 2026/02/03 2:28 a.m., 9 views

CVE-2026-24935

CVE-2026-24935: A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server, enabling a MitM attacker to intercept or redirect the NAT tunnel establishment. This vulnerability could disrupt service availability or enable targeted attacks by ac...

CVSS: 6.3, AI score: 5.5, EPSS: 0.00144
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/02/03 2:26 a.m., 4 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its...

CVSS: 6.3, AI score: 5.6, EPSS: 0.00156
Exploits: 0, References: 1

EUVD
added 2026/02/03 2:26 a.m., 7 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its...

CVSS: 6.3, AI score: 5.6, EPSS: 0.00156
Exploits: 0, References: 1

Vulnrichment
added 2026/02/03 2:19 a.m., 5 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, improperly validated TLS/SSL certificates allow a remote attacker to intercept the communication to perform a Man-in-the-Middle (MitM) attack, whi...

CVSS: 8.9, AI score: 5.5, EPSS: 0.00206
Exploits: 0, References: 1