Lucene search
K

12 matches found

Veracode
Veracode
added 2026/03/31 3:55 a.m.29 views

Improper Authentication

github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.5 views

CVE-2025-69246

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

9.8CVSS5.8AI score0.0038EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS0.0039EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 1:25 a.m.5 views

CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS6.9AI score0.0039EPSS
Exploits0References5
OSV
OSV
added 2025/12/08 5:56 p.m.3 views

GHSA-QMG5-V42X-QQHQ 1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.1AI score0.0039EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.6 views

WordPress Plugin Groundhogg 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8CVSS8.1AI score0.00399EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2021/09/20 2:23 p.m.20 views

Login Authentication Goes Automated With New InsightAppSec Improvements

Move over, macros — automated login is here. At Rapid7, we know the most powerful tools in your security portfolio are the ones that help you understand your risks quickly. With our new automated login for InsightAppSec, you can access and scan even the most complex, modern applications quickly a...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/04/30 12:0 a.m.55 views

Piwigo 11.3.0 SQL Injection Exploit

Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...

7.2CVSS0.5AI score0.11046EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.251 views

RemoteClinic 2 Cross Site Scripting

Exploit Title: Cross Site Scripting XSS RemoteClinic on register.php Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04.21.2021 Vendor: RemoteClinic Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...

3.5CVSS5.6AI score0.01773EPSS
Exploits4
ThreatPost
ThreatPost
added 2019/02/12 9:37 p.m.47 views

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...

0.4AI score
Exploits0References10
Source Incite
Source Incite
added 2016/03/17 12:0 a.m.26 views

SRC-2016-0008 : ATutor LMS confirm ‘SELECT’ Type Juggling Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when performing an automated login. The code uses a loose comparison when comparing the supplied...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2010/11/26 3:4 a.m.9 views

Arachni v0.2.1 - penetration testers Framework - latest release

"Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications." This is the official change log: Major performance improvements Major system refactoring and code clean-up Major module API...

8.1AI score
Exploits0
Rows per page
Query Builder