Lucene search
+L

2042 matches found

Nuclei
Nuclei
added 20 hours ago20 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.6AI score0.01709EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago116 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.9AI score0.0302EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago18 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS8.4AI score0.29557EPSS
Exploits3References2
Nuclei
Nuclei
added 20 hours ago83 views

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

6.1CVSS5.2AI score0.00665EPSS
Exploits1References2
NVD
NVD
added 2 days ago6 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2024-55660

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS5.3AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2024-23566

CVE-2024-23566 : Affects HCL Aftermarket EPC. The login/authentication mechanism is vulnerable due to lack of captcha, enabling brute-force and automated login attempts that could lead to account enumeration. CVSS 3.1 base score 6.5 (Medium): Network access, low impact to confidentiality/ integri...

6.5CVSS5.4AI score0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2024-23566

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS5.3AI score0.00159EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2 days ago7 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3CVSS0.00216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

9.1CVSS5.3AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3CVSS5.3AI score0.00332EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45169

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3CVSS5.4AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-13082

CVE-2026-13082 affects GD::SecurityImage for Perl (versions through 1.75). The vulnerability arises because the CAPTCHA secret text is generated by sampling from a character set using Perl’s built-in rand, which is not suitable for security applications due to predictability and reversibility. Im...

5.3CVSS5.4AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60744

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3CVSS5.3AI score0.00216EPSS
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2024-58360

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...

6.9CVSS0.00259EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2024-58360

CVE-2024-58360 affects stoatchat versions before 0.7.8. The issue: account creation restrictions (invite-only, email verification, captcha, shield verification) are not enforced, allowing attackers to create unlimited accounts with unverified emails. Impacts include higher denial-of-service risk ...

6.9CVSS6.1AI score0.00259EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago37 views

CVE-2024-58360 stoatchat before 0.7.8 Unrestricted Account Creation

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...

6.9CVSS0.00259EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2024-58360 stoatchat before 0.7.8 Unrestricted Account Creation

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...

6.9CVSS5.3AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder