
1994 matches found

EUVD
added 2026/04/21 5:10 p.m., 5 views

EUVD-2026-24182

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits 0, References 1
Vulnrichment
added 2026/04/21 5:10 p.m., 1 view

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits 0, References 1
CVE
added 2026/04/21 10:4 a.m., 6 views

CVE-2026-41037

CVE-2026-41037 affects a Quantum Networks router, where inadequate sanitization of user input in the management CLI interface permits an authenticated remote attacker to inject arbitrary OS commands, enabling remote code execution with root privileges. The CVSSv4 base score is 8.7 (HIGH), wit...

CVSS 8.8, AI score 5.8, EPSS 0.00196
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/04/21 10:4 a.m., 26 views

CVE-2026-41037 Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, EPSS 0.00196
Exploits 0, References 1
ATTACKERKB
added 2026/04/21 10:4 a.m., 5 views

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, AI score 5.8, EPSS 0.00196
Exploits 0, References 2
Vulnrichment
added 2026/04/21 10:4 a.m., 0 views

CVE-2026-41037 Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, AI score 5.8, EPSS 0.00196
Exploits 0, References 1
CNNVD
added 2026/04/21 12:0 a.m., 3 views

Quantum Networks router security vulnerability

The Quantum Networks router is a network routing device developed by the Indian company Quantum Networks. The Quantum Networks router has a security vulnerability. This vulnerability stems from the lack of rate-limiting mechanisms and CAPTCHA protection in the web-based management interface. As a...

CVSS 8.8, AI score 5.8, EPSS 0.00196
Exploits 0, References 1
CNNVD
added 2026/04/21 12:0 a.m., 7 views

WWBN AVideo security vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the objects/getCaptcha.php file, which directly accepts the CAPTCHA length from the query string...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits 1, References 1
Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34023

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits 0, References 2
Positive Technologies
added 2026/04/21 12:0 a.m., 1 view

PT-2026-33926

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, AI score 5.8, EPSS 0.00196
Exploits 0, References 2
Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34200

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits 1, References 4
GithubExploit
added 2026/04/16 1:9 p.m., 81 views

cap-exploit-poc

cap-exploit-poc This repository contai...

AI score 5.8
Exploits 0
OSV
added 2026/04/14 11:13 p.m., 4 views

GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary: objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

CVSS 5.3, AI score 5.9, EPSS 0.00218
Exploits 1, References 4
Github Security Blog
added 2026/04/14 11:13 p.m., 4 views

CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary: objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

CVSS 5.3, AI score 5.9, EPSS 0.00218
Exploits 1, References 4, Affected Software 1
Snyk
added 2026/04/14 11:13 p.m., 7 views

Guessable CAPTCHA

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the getCaptcha.php process, which allows external control over the CAPTCHA length parameter without proper validation. An attacker can...

CVSS 6.9, AI score 5.8
Exploits 0, References 2
Malwarebytes
added 2026/04/07 11:57 a.m., 6 views

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

AI score 5.9
Exploits 0
Packet Storm News
added 2026/04/04 12:0 a.m., 2 views

Perceptual Gaps: ASCII Art and Overlapping Audio As CAPTCHA

As multimodal large language models (LLMs) advance, traditional CAPTCHAs have become obsolete at distinguishing humans from bots. To address this shift, this paper aims to investigate the possibility of using tasks for which humans have evolved highly specialised neural processing. We introduce two...

AI score 6
Exploits 0
EUVD
added 2026/04/03 3:35 p.m., 3 views

EUVD-2026-18752

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

CVSS 5.3, AI score 5.8, EPSS 0.00297
Exploits 0, References 2
RedhatCVE
added 2026/04/01 11:1 p.m., 2 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting (XSS) vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

CVSS 6.1, AI score 5.8, EPSS 0.00187
Exploits 0, References 1
NVD
added 2026/03/31 8:16 p.m., 2 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting (XSS) vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

CVSS 6.1, EPSS 0.00187
Exploits 0, References 3