Lucene search
K

2006 matches found

Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33926

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

8.7CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34023

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/16 1:9 p.m.98 views

cap-exploit-poc

cap-exploit-poc This repository contai...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/14 11:13 p.m.7 views

CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/14 11:13 p.m.13 views

Guessable CAPTCHA

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Guessable CAPTCHA through the getCaptcha.php process, which allows external control over the CAPTCHA length parameter without proper validation. An attacker can...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/14 11:13 p.m.7 views

GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4
Malwarebytes
Malwarebytes
added 2026/04/07 11:57 a.m.6 views

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Perceptual Gaps: ASCII Art and Overlapping Audio As CAPTCHA

As multimodal large language models LLMs advance, traditional CAPTCHAs have become obsolete at distinguishing humans from bots. To address this shift, this paper aims to investigate the possibility of using tasks for which humans have evolved highly specialised neural processing. We introduce two...

6AI score
Exploits0
EUVD
EUVD
added 2026/04/03 3:35 p.m.5 views

EUVD-2026-18752

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.4 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 8:16 p.m.5 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/31 7:34 p.m.12 views

EUVD-2026-17602

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 7:34 p.m.21 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 7:34 p.m.3 views

CVE-2026-34206

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 7:34 p.m.1 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 7:34 p.m.11 views

CVE-2026-34206

Captcha Protect is a Traefik middleware that applies an anti-bot challenge per-subnet. Before v1.12.2, there is a reflected XSS in the challenge page where a client-supplied destination value is rendered with Go text/template (which lacks contextual HTML escaping). An attacker could craft a desti...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 7:34 p.m.6 views

CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References5
Veracode
Veracode
added 2026/03/31 3:55 a.m.29 views

Improper Authentication

github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...

7.5CVSS7.2AI score0.0039EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.27 views

Captcha Protect 跨站脚本漏洞

Captcha Protect is an open-source middleware for CAPTCHA protection developed by libops, based on traffic detection. Versions of Captcha Protect prior to 1.12.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the challenge page accepting target values provided by...

6.1CVSS5.8AI score0.00187EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/29 11:13 a.m.3 views

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References1
Rows per page
Query Builder