10764 matches found
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...
EUVD-2026-43091
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...
EUVD-2026-43074
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...
CVE-2026-11915
Technical details about CVE-2026-11915 are not publicly available in the provided documents. The connected sources indicate the issue is with Drupal Brute force attack protection and that the related project is marked unsupported; monitor for updates.
CVE-2026-15079
The CVE-2026-15079 entry maps to Drupal Login Disable, where the module does not sufficiently protect the login form from brute-force attempts. Affected versions range from 0.0.0 to 2.1.4. The root cause is improper restriction of excessive authentication attempts, enabling brute-force bypass of ...
CVE-2026-55501
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...
CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...
CVE-2026-55501
The CVE concerns 9router prior to version 0.4.80, where the login rate limiter uses client identity from the attacker-controlled X-Forwarded-For header in src/lib/auth/loginLimiter.js. This allows remote attackers to rotate X-Forwarded-For per attempt, creating a fresh rate-limit bucket each time...
CVE-2026-47831
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
EUVD-2026-42517
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
CVE-2026-47831
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
CVE-2026-51926
An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...
CVE-2026-51926
The vulnerability (CVE-2026-51926) affects docuForm FSM Client v11.11c. The login.php authentication mechanism enables user enumeration: an attacker can distinguish valid from invalid usernames by differences in server responses, enabling identification of existing accounts. This information coul...
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-60001
A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...
CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
EUVD-2026-42167
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14495
CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...
CVE-2026-47831 - Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks | Cloud Foundry
High CVSSv4: High 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder – All versions prior to...
PT-2026-56659
Name of the Vulnerable Software and Affected Versions Drupal Login Disable versions 0.0.0 through 2.1.4 Description The Login Disable module, which restricts site access by requiring a secret key on the login form, does not sufficiently protect the form from brute force attacks. An attacker could...