23 matches found
EUVD-2018-0632
Malware in sbrugna...
EUVD-2023-24347
Malicious code in bioql PyPI...
SolaX Cloud security vulnerability
SolaX Cloud is a PV monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud that stems from a bypass of the Forgot Password feature, which could lead to an authentication attempt limit bypass...
Unsecured Authentication Attempt Detected (Medium)
A server allows authentication using credentials sent in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...
Unsecured Authentication Attempt Detected (Critical)
A server allows authentication using credentials sent in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...
Unsecured Authentication Attempt Detected (Low)
A server allows authentication using credentials sent in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...
Unsecured Authentication Attempt Detected (High)
A server allows authentication using credentials sent in an unencrypted manner over an unencrypted channel. Such credentials might be revealed to an attacker intercepting this traffic and used to gain access to data on the server. This plugin only works with Tenable.ot. Please visit...
PT-2024-4725 · Unknown · Проект-Смартпро
Name of the Vulnerable Software and Affected Versions: Проект-СмартПРО (affected versions not specified). Description: The issue is related to the lack of authentication attempt restrictions in the software. This could allow a remote attacker to perform a brute force attack. Recommendations: At the...
PT-2024-10342 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.2.0 through 7.2.4; FortiClientEMS versions prior to 7.0.10. Description: The issue is related to an improper restriction of excessive authentication attempts, which may allow an unauthenticated attacker to perform a...
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
Can't complete your request with SAML enabled in a Single Domain
"Can't complete your request" appears when logging on to NetScaler Gateway using a UPN name with SAML enabled. In the StoreFront event log, we can see "An authentication attempt was made for user: [email protected] with realm context resulting in: Failed -1073741715". In the StoreFront verbose log, we can see...
Error "Try again after some time or contact your help desk" after authentication passed
After entering your username and password on the "https://x.x.x.x/manageotp" page, you encounter an error message that says "Try again after some time or contact your help desk", "Rejecting with error code 4009", "receiveldapusersearchevent:ldapfirstentryreturned null, user XXX not found"...
Schneider Electric Conext ComBox security vulnerability
Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric, a French company. A security vulnerability exists in all versions of the Schneider Electric Conext ComBox that stems from an incorrect limit on the number of authentication attempts that...
CVE-2021-28248
CA eHealth Performance Manager up to version 6.3.2.12 suffers from Improper Restriction of Excessive Authentication Attempts via the /web/frames/ endpoint, allowing an attacker to attempt many passwords and potentially access a targeted account. The maintainer no longer supports this product, and...
GHSA-XM8R-5WH6-F46F Timing attack
While each ID is used for only one authentication attempt, a timing attack is possible to figure out in Autobahn...
Session fixation
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter...
CVE-2016-3094
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception...
Error: "There are no apps available at this time. Please check the server and try again"
Consider the following scenario. There are two sites in GSLB: production and disaster recovery. Production is already working with the StoreFront integration behind it. The customer wanted to test the disaster recovery site using the same URL that resolves to the NetScaler Gateway VIP, creating the...
CVE-2016-1295
CVE-2016-1295 affects Cisco ASA Software 8.4. An unauthenticated, remote attacker can disclose sensitive data during a Cisco AnyConnect client authentication attempt, including the ASA software version. The underlying issue is improper protection of sensitive data during the authentication proces...
Amazon Linux AMI : php (ALAS-2012-95)
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...