Lucene search
K

64 matches found

CVE
CVE
added yesterday20 views

CVE-2026-55501

The CVE concerns 9router prior to version 0.4.80, where the login rate limiter uses client identity from the attacker-controlled X-Forwarded-For header in src/lib/auth/loginLimiter.js. This allows remote attackers to rotate X-Forwarded-For per attempt, creating a fresh rate-limit bucket each time...

7.3CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 5 days ago6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...

7.3CVSS6AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:37 a.m.12 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 4:37 a.m.15 views

CVE-2026-9798 Keycloak: keycloak: brute-force protection bypass in ciba flow

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:37 a.m.42 views

CVE-2026-9798

Keycloak is affected by a flaw where, after a user account is temporarily locked due to repeated failed logins, an attacker with valid client credentials can abuse the Client-Initiated Backchannel Authentication (CIBA) flow to bypass the lock. This allows continued authentication attempts and tok...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/11 11:20 p.m.18 views

CVE-2026-43914

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function sendemaillogin email.rs, api endpoi...

9.8CVSS0.00288EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/11 10:3 p.m.10 views

CVE-2026-43914 Vaultwarden: Brute-force protection bypass vulnerability

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function sendemaillogin email.rs, api endpoi...

7.3CVSS5.8AI score0.00288EPSS
Exploits1References3
NVD
NVD
added 2026/04/24 4:16 a.m.7 views

CVE-2026-6947

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS0.00454EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:46 a.m.7 views

CVE-2026-6947

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS5.8AI score0.00454EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 3:46 a.m.3 views

CVE-2026-6947 D-Link|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS5.2AI score0.00454EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 3:46 a.m.12 views

CVE-2026-6947

The CVE-2026-6947 entry concerns the D-Link DWM-222W USB Wi‑Fi Adapter, where a Brute-Force Protection Bypass allows unauthenticated adjacent-network attackers to bypass login attempt limits and perform brute-force actions to gain control of the device. Affected component: login protection mechan...

8.7CVSS5.8AI score0.00454EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 3:46 a.m.6 views

EUVD-2026-25395

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS5.8AI score0.00454EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10517

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 6:18 p.m.5 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.30 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS0.00369EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:44 p.m.3 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/03/10 4:44 p.m.41 views

CVE-2026-22629

CVE-2026-22629 affects Fortinet FortiAnalyzer, FortiManager, and their Cloud variants across multiple 6.x/7.x lines (see details in Description). The issue is described as an improper restriction of excessive authentication attempts, caused by race conditions that may allow an attacker to bypass ...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1Affected Software4
Rows per page
Query Builder