20 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a client-controlled flag in the captcha verification. An attacker can bypass authentication mechanisms by manipulating the flag value during the verification process. Remediation...
EUVD-2015-6192
Malware in sbrugna...
EUVD-2025-23288
Malicious code in bioql PyPI...
CVE-2025-50850
An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords brute-force attack to gain unauthoriz...
PT-2025-31554 · Cs Cart · Cs-Cart
Name of the Vulnerable Software and Affected Versions: CS Cart version 4.18.3 Description: The vendor login functionality lacks essential security controls, such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and...
CVE-2025-42601
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...
CVE-2022-24880 Potential Captcha Validate Bypass in flask-session-captcha
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate function would return None if passed no value e.g. by submitting an having an empty form. If implementing users...
CVE-2022-24880
CVE-2022-24880 affects the Flask extension flask-session-captcha. The captcha.validate() function could return None when called with no value, allowing an attacker to bypass verification if code relies on a falsey check. Version 1.2.1 fixes the issue; upgrading to that version is the advised reme...
Microsoft Warns of Widespread Phishing Attacks Using Open Redirects
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits th...
Courier: [3] Bypassing IP Based Rate Limit Blocking leads to rate limit bypass in Courier Login Panel
Hi team, I would like to report rate limit issue based on IP blocking mechanism. Rate-limitation nowadays is not effective anymore to protect against brute-force. There are many botnets out there which can be used to overcome this hurdle, as well as cloud VPS services e.g. Amazon AWS EIPs, Digita...
in emoncms/emoncms
✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...
UPchieve: No Rate Limit On Reset Password
welcome all : i found that no rate limit in reset password in ::: ==https://app.upchieve.org/resetpassword== Summary: No rate limit check on forgot password which can lead to mass mailing and spamming of users and possible employees A little bit about Rate Limit: A rate limiting algorithm is used...
Staging.every.org: No Rate Limit On Reset Password
Summary: A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia I...
User Enumeration
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...
User Enumeration
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...