147 matches found
CVE-2025-59390 Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...
CVE-2025-35021
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...
Improper Input Validation
datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...
EUVD-2021-1481
Malware in sbrugna...
EUVD-2005-0433
Malware in sbrugna...
EUVD-2021-12568
Malware in sbrugna...
EUVD-2017-12885
Malware in sbrugna...
EUVD-2002-0501
Malware in sbrugna...
EUVD-2008-4296
Malware in sbrugna...
Configure a Proper Value for MaxAuthTries
MaxAuthTries indicates the maximum number of user authentication failures allowed in a single connection. If the number of user authentication failures exceeds the value, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 3. If this...
CVE-2025-54860 Cognex In-Sight Explorer and In-Sight Camera Firmware Improper Restriction of Excessive Authentication Attempts
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a...
WordPress Auteur Framework plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions = 7.1...
WordPress Orion Login with SMS plugin <= 1.0.5 - Authenticated Bypass via Weak OTP vulnerability
Authenticated Bypass via Weak OTP vulnerability discovered by kr0d in WordPress Plugin Orion Login with SMS versions = 1.0.5...
CVE-2025-27449
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
CVE-2025-49186
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
SICK Field Analytics 和SICK Media Server 安全漏洞
SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a lack of...
WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin MapSVG versions 8.6.13...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in FacebookAuthFilter.java due to the logging of sensitive information during authentication failures. An attacker can gain access to user tokens by accessing the logs where these details...
WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability
Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...
WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Denver Jackson in WordPress Plugin Eventin versions = 4.0.26...