19 matches found
CVE-2019-18261
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks...
EUVD-2020-19785
Malware in sbrugna...
CVE-2025-27449
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...
PT-2025-27773
Name of the Vulnerable Software and Affected Versions: maxView Storage Manager affected versions not specified Description: The issue concerns the maxView Storage Manager, which does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. Th...
PT-2025-26556 · Unknown · Codeastro Expense Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Expense Management System version 1.0 Description: A vulnerability was found in the system, which has been rated as problematic. It affects some unknown functionality and leads to cross-site request forgery. The attack may be launch...
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identify and access...
CVE-2023-45152
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that n...
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
PT-2025-21779 · Unknown · Tiiwee X1 Alarm System
Name of the Vulnerable Software and Affected Versions: Tiiwee X1 Alarm System version TWX1HAKV2 Description: The issue allows for authentication bypass through capture-replay, resulting in physical access to protected facilities without triggering an alarm. Recommendations: For Tiiwee X1 Alarm...
PT-2023-25773 · WordPress · Activitypub
Name of the Vulnerable Software and Affected Versions: ActivityPub WordPress plugin versions prior to 1.0.0 Description: The issue allows any authenticated user to retrieve the title of arbitrary posts, including drafts and private ones, via an IDOR vector. This occurs because the plugin does not...
PT-2023-5779 · Acronis · Acronis Cyber Protect 15 +1
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 versions before build 35979 Description: The issue is related to sensitive information manipulation due to cross-site request forgery, which may allow a remote attacker to access confidential information. This is caus...
Samsung ApkInstaller licensing issue vulnerability
Samsung ApkInstaller is a tool from Samsung, a South Korean company, for installing Apk files from Android memory cards. An authorization issue vulnerability exists in the dynamic receiver in Samsung ApkInstaller, which stems from a lack o...
Johnson Controls exacqVision Web Service Unauthorized Access Vulnerability
Johnson Controls exacqVision Web Service is a Johnson Controls program that supports the use of a Web browser to view live video, search and playback video. A security vulnerability exists in exacqVision Web Service version 20.12.2.0 and prior versions, which arises from a lack of authentication...
Data analytics firm Polecat data breach – 30TB of data exposed
By Waqas. Polecat exposed an Elasticsearch server that wasn't protected with any authentication measures or any form of encryption. This is a post from HackRead.com.
Why do companies fail to stop breaches despite soaring IT security investment?
Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% fro...
Atlassian JIRA Server and Data Center Authorization Issues Vulnerability (CNVD-2021-39166)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of the Australian company Atlassian. Atlassian JIRA Server is the server version of a defect tracking management system, which is use...
HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak
IT services provider HCL Technologies has inadvertently exposed passwords, sensitive project reports and other private data of thousands of customers and internal employees on various public HCL subdomains. HCL, an $8 billion conglomerate with more than 100,000 employees, specializes in...
AST-2010-003: Invalid parsing of ACL rules can compromise security
Asterisk Project Security Advisory - AST-2010-003 | Product: Asterisk | Summary: Invalid parsing of ACL rules can compromise security...
Simple One File Guestbook 1.0 - Security Bypass
source: https://www.securityfocus.com/bid/19437/info Simple one-file guestbook is prone to a security-bypass vulnerability. An attacker can bypass authentication measures by using a specific URL to delete all guestbook entries. Version 1.0 of Simple one-file guestbook is vulnerable. Other version...