CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

567 matches found

Vulnrichment•added 2026/05/16 3:28 p.m.•3 views

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00561EPSS

Exploits0References4

ATTACKERKB•added 2026/05/16 3:28 p.m.•3 views

CVE-2021-47977

8.7CVSS5.9AI score0.00561EPSS

Exploits0References4

EUVD•added 2026/05/16 3:28 p.m.•5 views

EUVD-2021-34837

8.7CVSS5.9AI score0.00561EPSS

Exploits0References4

Positive Technologies•added 2026/05/16 12:0 a.m.•5 views

PT-2026-41463

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Bruteforce Firewall version 4.20.59 Description A directory traversal issue allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the 'duplicator...

8.7CVSS5.9AI score0.00561EPSS

Exploits0References6

GithubExploit•added 2026/04/14 6:44 a.m.•149 views

jwt-attack-suite

JWT Attack Suite Offensive JWT testing toolkit for penetrat...

9.8CVSS5.9AI score0.84691EPSS

Exploits9

NVD•added 2026/03/06 12:16 a.m.•2 views

CVE-2026-27778

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00029EPSS

Exploits1References3

Positive Technologies•added 2026/03/05 12:0 a.m.•2 views

PT-2026-23576

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not restrict the number of authentication requests. This lack of rate limiting could enable attackers ...

8.7CVSS5.8AI score0.00029EPSS

Exploits1References8

OSV•added 2026/03/03 10:18 p.m.•1 views

GHSA-JMMG-JQC7-5QF4 OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains

This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. Context and Preconditions OpenClaw’s web/gateway surface ...

7.5CVSS5.9AI score0.00109EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:50 a.m.•1 views

CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user...

8.8CVSS7.2AI score0.00475EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:49 a.m.•5 views

CVE-2022-37145

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an...

7.5CVSS7.2AI score0.00932EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:37 a.m.•4 views

CVE-2024-34914

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...

5.3CVSS7.2AI score0.00076EPSS

Exploits0References1

EUVD•added 2025/12/19 6:31 p.m.•1 views

EUVD-2025-204542

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...

9.3CVSS8AI score0.41084EPSS

Exploits2References5

RedhatCVE•added 2025/11/12 1:6 p.m.•4 views

CVE-2025-10161

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This iss...

7.3CVSS6.9AI score0.00057EPSS

Exploits0References1

ATTACKERKB•added 2025/10/10 10:24 p.m.•1 views

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...

6.5CVSS5.8AI score0.0008EPSS

Exploits0References4Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-23232

Malware in sbrugna...

9.8CVSS9.4AI score0.00307EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-9336

Malware in sbrugna...

9.1CVSS9AI score0.00168EPSS

Exploits1References4