Lucene search
+L

147 matches found

Cvelist
Cvelist
added 2025/11/26 8:50 a.m.14 views

CVE-2025-59390 Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

0.00597EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 1:15 a.m.10 views

CVE-2025-35021

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

6.5CVSS0.00299EPSS
Exploits1References3
Veracode
Veracode
added 2025/10/16 7:34 a.m.5 views

Improper Input Validation

datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...

6.5CVSS7.1AI score0.00194EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1481

Malware in sbrugna...

5.5CVSS5.4AI score0.00499EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0433

Malware in sbrugna...

5CVSS6.4AI score0.01987EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-12568

Malware in sbrugna...

7.5CVSS7.5AI score0.0129EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-12885

Malware in sbrugna...

7.8CVSS7.6AI score0.01212EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-0501

Malware in sbrugna...

5CVSS6.4AI score0.01771EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-4296

Malware in sbrugna...

6.8CVSS6.1AI score0.027EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2025/09/25 12:0 a.m.2 views

Configure a Proper Value for MaxAuthTries

MaxAuthTries indicates the maximum number of user authentication failures allowed in a single connection. If the number of user authentication failures exceeds the value, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 3. If this...

6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2025/09/18 9:20 p.m.15 views

CVE-2025-54860 Cognex In-Sight Explorer and In-Sight Camera Firmware Improper Restriction of Excessive Authentication Attempts

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a...

7.7CVSS0.00125EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/31 6:51 p.m.7 views

WordPress Auteur Framework plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions = 7.1...

4.3CVSS8.8AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/21 10:24 p.m.12 views

WordPress Orion Login with SMS plugin <= 1.0.5 - Authenticated Bypass via Weak OTP vulnerability

Authenticated Bypass via Weak OTP vulnerability discovered by kr0d in WordPress Plugin Orion Login with SMS versions = 1.0.5...

8.1CVSS6.7AI score0.00505EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/07/03 12:15 p.m.6 views

CVE-2025-27449

The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/06/12 2:15 p.m.7 views

CVE-2025-49186

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.11 views

SICK Field Analytics 和SICK Media Server 安全漏洞

SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from a lack of...

6.5CVSS6.7AI score0.0032EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/06/09 12:5 p.m.7 views

WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin MapSVG versions 8.6.13...

8.8CVSS6.6AI score0.00294EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/06/05 5:42 p.m.5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in FacebookAuthFilter.java due to the logging of sensitive information during authentication failures. An attacker can gain access to user tokens by accessing the logs where these details...

6.9CVSS6.7AI score0.00145EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/08 8:48 p.m.8 views

WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability

Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...

9.8CVSS8.3AI score0.00634EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/07 10:53 a.m.12 views

WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Denver Jackson in WordPress Plugin Eventin versions = 4.0.26...

9.8CVSS8.8AI score0.3092EPSS
Exploits4Affected Software1
Rows per page
Query Builder