Lucene search
+L

11298 matches found

Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 6 days ago6 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-61458

PasswordPusher

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 6 days ago3 views

CVE-2026-57691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-57691 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57885

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.9.2 Description An issue exists where passphrase-protected pushes are susceptible to brute-force attacks. The 'POST /p/:token/access' endpoint lacks route-specific rate limiting and per-push lockout mechanism...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43074

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

6.1AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 11:16 p.m.6 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 10:16 p.m.6 views

CVE-2026-15079

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:58 p.m.17 views

CVE-2026-11915

The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...

5.9CVSS6.1AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:58 p.m.33 views

CVE-2026-11915 Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:46 p.m.33 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 9:46 p.m.6 views

CVE-2026-15079 Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4...

5.4CVSS6.1AI score0.00209EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 9:46 p.m.10 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 4:16 p.m.6 views

CVE-2026-55501

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS0.00515EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 3:23 p.m.22 views

CVE-2026-55501

The CVE concerns 9router prior to version 0.4.80, where the login rate limiter uses client identity from the attacker-controlled X-Forwarded-For header in src/lib/auth/loginLimiter.js. This allows remote attackers to rotate X-Forwarded-For per attempt, creating a fresh rate-limit bucket each time...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 3:23 p.m.31 views

CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS0.00515EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.5 views

openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6.1AI score0.00265EPSS
Exploits0References7
NVD
NVD
added 2026/07/09 7:16 a.m.7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
Rows per page
Query Builder