Lucene search
K

1189 matches found

CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting in Telegram Webhook authentication, which could lead to brute-force attacks...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29236

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...

9.8CVSS5.9AI score0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 8:31 p.m.2 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:31 p.m.4 views

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 8:31 p.m.7 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 1:16 p.m.6 views

CVE-2025-55269

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

9.8CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 1:0 p.m.22 views

CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

4.2CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 1:0 p.m.1 views

CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

4.2CVSS5.8AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28471

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions prior to 2.6.0 configure Django REST Framework with BasicAuthentication as a...

9.1CVSS5.9AI score0.00513EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

IGL-Technologies eParking.fi 安全漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability. This vulnerability stems from the lack of a limit on the numbe...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.9 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.10 views

Everon 安全漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...

8.7CVSS5.8AI score0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

ePower 安全漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security vulnerability, which stems from the lack of a limit on the number of authentication requests. This vulnerability could lead to denial-of-service attacks or brute-force attacks...

8.7CVSS5.8AI score0.00601EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Mobiliti 安全漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket API. This vulnerability could lead to...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

6.5CVSS5.8AI score0.00396EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.4 views

CVE-2026-25114

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

9.8CVSS6AI score0.00475EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 3:30 a.m.7 views

EUVD-2026-8949

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

7.5CVSS5.4AI score0.00487EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8938

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

7.5CVSS5.4AI score0.00521EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:22 a.m.25 views

CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00475EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Chargemap 安全漏洞

Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...

9.8CVSS5.8AI score0.00477EPSS
Exploits0References3
Rows per page
Query Builder