Lucene search
+L

10820 matches found

cve
cve
added 1 hour ago5 views

CVE-2026-63089

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as...

9.3CVSS6.1AI score
Exploits0References3
nuclei
nuclei
added 11 hours ago74 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.4AI score0.0102EPSS
Exploits2References4
nvd
nvd
added 2 days ago4 views

CVE-2026-5040

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS0.00093EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago40 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS0.00093EPSS
Exploits0References3
cve
cve
added 2 days ago6 views

CVE-2026-5040

The CVE-2026-5040 entry applies to TP-Link Deco M5 v1. The issue stems from a weak password hashing mechanism used to store user credentials. An attacker who obtains the password hash via system compromise or privileged access could perform brute-force or dictionary attacks. Practical consequence...

7.1CVSS6.1AI score0.00093EPSS
Exploits0References3
cve
cve
added 2 days ago12 views

CVE-2026-9561

CVE-2026-9561 affects Eclipse Kura before 5.6.2. The Web Console (org.eclipse.kura.web2) and REST API (org.eclipse.kura.rest.provider) trust the client-controlled X-Forwarded-For header as the primary source for client IP in audit contexts, and Jetty’s ForwardedRequestCustomizer is installed on a...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago25 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS0.00204EPSS
Exploits0References1
euvd
euvd
added 2 days ago5 views

EUVD-2026-43560

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References3
nvd
nvd
added 3 days ago5 views

CVE-2026-61458

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS0.00304EPSS
Exploits0References2
cve
cve
added 3 days ago9 views

CVE-2026-61458

PasswordPusher

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
vulnrichment
vulnrichment
added 3 days ago5 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
cvelist
cvelist
added 3 days ago32 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS0.00304EPSS
Exploits0References2
osv
osv
added 3 days ago3 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References5
nvd
nvd
added 3 days ago3 views

CVE-2026-57691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago27 views

CVE-2026-57691 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago4 views

PT-2026-57885

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.9.2 Description An issue exists where passphrase-protected pushes are susceptible to brute-force attacks. The 'POST /p/:token/access' endpoint lacks route-specific rate limiting and per-push lockout mechanism...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References4
euvd
euvd
added 5 days ago6 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
euvd
euvd
added 5 days ago5 views

EUVD-2026-43074

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

6.1AI score0.00209EPSS
Exploits0References2
nvd
nvd
added 6 days ago6 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00192EPSS
Exploits0References1
nvd
nvd
added 6 days ago4 views

CVE-2026-15079

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS0.00209EPSS
Exploits0References1
Rows per page
Query Builder