Lucene search
+L

10857 matches found

Snyk
Snyk
added 2026/07/06 9:46 p.m.7 views

Brute Force

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Brute Force in the authentication process. An attacker can gain unauthorized access to administrative functions by sending repeated login attempts with different values in the...

7.3CVSS6AI score0.00515EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...

7.3CVSS6AI score0.00515EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.8 views

CVE-2026-44040 UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

4.8CVSS5.8AI score0.00283EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 8:15 p.m.9 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3CVSS5.6AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:19 p.m.29 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 3:19 p.m.38 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...

4.3CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/30 3:19 p.m.4 views

CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS6AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 2:16 p.m.13 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.10 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.39 views

CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.11 views

EUVD-2026-40325

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 1:37 p.m.21 views

CVE-2026-35098

KTM System e-BOK is affected by CVE-2026-35098 due to no rate limiting on login attempts, enabling brute-force attacks for user accounts. When paired with CVE-2026-35097 (six-digit numeric passwords), the risk increases. A patch was released in June 2026 to fix this issue. The CVSS metrics from C...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 1:17 p.m.15 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 11:48 a.m.10 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.9AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 11:48 a.m.22 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/30 11:48 a.m.41 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:48 a.m.7 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 11:48 a.m.9 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2
Rows per page
Query Builder