27 matches found
📄 Soosyze CMS 2.0 Brute Forcer
Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint. ============================================================================================================================================= | Title : Soosyze CMS 2.0...
EUVD-2020-19101
Malware in sbrugna...
EUVD-2025-15582
Malicious code in bioql PyPI...
EUVD-2025-15580
Malicious code in bioql PyPI...
EUVD-2025-15581
Malicious code in bioql PyPI...
CVE-2012-10001
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...
GHSA-9FWJ-9MJF-RHJ3 laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
GHSA-2F4R-34M4-3W8Q Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
Red Hat WildFly Elytron 安全漏洞
Red Hat WildFly Elytron is a security framework for application servers from Red Hat USA. The product supports features such as configuring administrative access rights to servers. A security vulnerability exists in Red Hat WildFly Elytron, which stems from an insufficiently restricted...
Akira Ransomware Exploits Cisco Zero-Day Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-20269, is a concerning security issue that impacts the remote access VPN feature of Cisco ASA Adaptive Security Appliance and FTD Firepower Threa...
CVE-2023-3548
An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack...
CVE-2023-3548
CVE-2023-3548 affects Johnson Controls IQ Wifi 6 firmware versions prior to 2.0.2. The vulnerability is described as an improper restriction of excessive authentication attempts (CWE-307) that could allow an unauthorized user to gain account access via a brute-force authentication attack over the...
PiiGAB M-Bus 安全漏洞
PiiGAB M-Bus is a communication protocol used between meters and centralized data collection systems or prepaid units from PiiGAB. A security vulnerability exists in PiiGAB M-Bus version 900S, which stems from an unlimited number of login attempts and could allow an attacker to perform brute forc...
Ovarro TBox RTUs 安全特征问题漏洞
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security signature issue vulnerability that arises from the use of insufficient entropy to generate software security tokens, where the random seed used to generate the...
CVE-2021-27514
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass such as in CVE-2021-27513 exploitation...
CVE-2021-27514
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass such as in CVE-2021-27513 exploitation...
CVE-2012-10001
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...
CVE-2012-10001
The CVE-2012-10001 entry concerns the WordPress plugin Limit Login Attempts (before 1.7.1). The vulnerability arises because the plugin does not clear authentication cookies when a lockout occurs, potentially allowing remote attackers to continue brute-forcing authentication attempts. Affected co...
CVE-2012-10001
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...