Lucene search
+L

394 matches found

NVD
NVD
added 1 hour ago4 views

CVE-2026-16103

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS
Exploits0References2
CVE
CVE
added 1 hour ago7 views

CVE-2026-16103

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago3 views

PT-2026-60799

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS5.2AI score
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added last week17 views

CVE-2026-11915

The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...

5.9CVSS6.1AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-11915 Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:2 p.m.9 views

EUVD-2026-38239

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/10 12:0 a.m.15 views

Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

5.9CVSS5.2AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 4:37 a.m.13 views

EUVD-2026-32717

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 3:53 a.m.11 views

Authentication Bypass by Primary Weakness

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication CIBA flow. An...

4.3CVSS5.9AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44193

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Client-Initiated Backchannel Authentication CIBA flow allows an attacker with valid client credentials to bypass brute-force protection. When a user account is temporarily lock...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises when user accounts are temporarily locked due to failed login attempts. Attackers with valid client credentials can exploit the revers...

4.3CVSS5.8AI score0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 4:7 p.m.20 views

CVE-2025-62313

Technical details are not publicly available in the provided documents. Monitor for updates.

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:7 p.m.15 views

CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:7 p.m.10 views

CVE-2025-62313

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of adequate brute-force attack protection measures. This vulnerability may lead to repeated authentication attempts, potentially resulting in...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29088

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.19 views

CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:35 p.m.22 views

CVE-2026-7820

CVE-2026-7820 affects pgAdmin 4 prior to 9.15. The issue is an account-lockout bypass caused by improper synchronization between pgAdmin’s custom /authenticate/login path and Flask-Security’s default /login path. Because Flask-Security’s default route does not consult the pgAdmin User.locked fiel...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder