Lucene search
+L

2451 matches found

Nuclei
Nuclei
added yesterday55 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS5.9AI score0.01595EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday139 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS4.8AI score0.00848EPSS
Exploits2References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43095

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43074

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

6.1AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 11:16 p.m.7 views

CVE-2026-42952

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 10:9 p.m.32 views

CVE-2026-42952 Hydro-Québec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 9:46 p.m.33 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 9:46 p.m.6 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS6.1AI score0.00209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.9 views

PT-2026-57339

Name of the Vulnerable Software and Affected Versions EV charging station backends affected versions not specified Description The charging station backend lacks throttling on repeated authentication attempts. This deficiency allows an attacker to perform a denial-of-service attack, which is a...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.3 views

openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts

A flaw was found in OpenSSH's Secure Shell Daemon sshd. This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/08 10:15 a.m.6 views

EUVD-2026-42213

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS5.9AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 5:37 a.m.5 views

CVE-2026-60000

A flaw was found in OpenSSH's Secure Shell Daemon sshd. This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using...

7.5CVSS6AI score0.00407EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/07/08 12:14 a.m.7 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:14 a.m.7 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6AI score0.00407EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/07/08 12:14 a.m.7 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 12:14 a.m.9 views

EUVD-2026-42143

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6AI score0.00407EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-15041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a...

3.7CVSS6.1AI score0.003EPSS
Exploits0References4
Rows per page
Query Builder