2042 matches found
phpMyFAQ <= 4.1.1 - SQL Injection
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...
TOTOLINK/Realtek Routers - CAPTCHA Bypass
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...
CVE-2024-23566
HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...
EUVD-2024-55660
HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...
CVE-2024-23566
HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...
CVE-2024-23566
CVE-2024-23566 : Affects HCL Aftermarket EPC. The login/authentication mechanism is vulnerable due to lack of captcha, enabling brute-force and automated login attempts that could lead to account enumeration. CVSS 3.1 base score 6.5 (Medium): Network access, low impact to confidentiality/ integri...
CVE-2024-23566
HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...
CVE-2026-13082
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2026-13082
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2026-13082 GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
EUVD-2026-45169
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2026-13082
CVE-2026-13082 affects GD::SecurityImage for Perl (versions through 1.75). The vulnerability arises because the CAPTCHA secret text is generated by sampling from a character set using Perl’s built-in rand, which is not suitable for security applications due to predictability and reversibility. Im...
PT-2026-60744
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2024-58360
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...
CVE-2024-58360
CVE-2024-58360 affects stoatchat versions before 0.7.8. The issue: account creation restrictions (invite-only, email verification, captcha, shield verification) are not enforced, allowing attackers to create unlimited accounts with unverified emails. Impacts include higher denial-of-service risk ...
CVE-2024-58360 stoatchat before 0.7.8 Unrestricted Account Creation
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...
CVE-2024-58360 stoatchat before 0.7.8 Unrestricted Account Creation
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service...