
2005 matches found

CNNVD
added 2026/06/05 12:00 a.m., 9 views

WordPress plugin WP Captcha PRO security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 5.5, EPSS 0.00393
Exploits: 1, References: 3

CNNVD
added 2026/06/05 12:00 a.m., 8 views

WordPress plugin WP Captcha PRO code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 6.2, EPSS 0.00449
Exploits: 0, References: 3

Positive Technologies
added 2026/06/05 12:00 a.m., 17 views

PT-2026-47032

Name of the Vulnerable Software and Affected Versions: WP Captcha PRO versions prior to 5.39. Description: The plugin is susceptible to arbitrary file upload, which can lead to remote code execution. The issue stems from a flawed capability check in the save ajax function within the licensing module...

CVSS 8.8, AI score 5.9, EPSS 0.00449
Exploits: 0, References: 7

The Hacker News
added 2026/05/29 11:31 a.m., 21 views

New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone,...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/05/28 8:13 p.m., 14 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, AI score 5.8, EPSS 0.01709
Exploits: 0, References: 1

Patchstack
added 2026/05/28 9:23 a.m., 10 views

WordPress Login No Captcha reCAPTCHA plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ISMAILSHADOW in WordPress Plugin Login No Captcha reCAPTCHA versions <= 1.8.0...

CVSS 7.2, AI score 5.8, EPSS 0.00346
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/05/28 3:27 a.m., 12 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $_SERVER['PHP_SELF'] superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename($_SERVER['PHP_SELF']) in the...

CVSS 7.2, AI score 6, EPSS 0.00346
Exploits: 0, References: 8

CVE
added 2026/05/28 3:27 a.m., 21 views

CVE-2026-2374

The CVE-2026-2374 entry applies to the Login No Captcha reCAPTCHA WordPress plugin (v <= 1.8.0). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs because authenticate() stores the unsanitized basename($_SERVER['PHP_SELF']) output in the login_nocaptcha_error WordPress optio...

CVSS 7.2, AI score 6, EPSS 0.00346
Exploits: 0, References: 7

CNNVD
added 2026/05/28 12:00 a.m., 12 views

WordPress plugin Login No Captcha reCAPTCHA cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.2, AI score 5.7, EPSS 0.00346
Exploits: 0, References: 7

GitHub Security Blog
added 2026/05/23 12:12 a.m., 16 views

instagrapi: Unsafe signup challenge path handling in instagrapi

instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/05/16 4:16 p.m., 14 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, EPSS 0.00429
Exploits: 1, References: 4

CVE
added 2026/05/16 3:25 p.m., 14 views

CVE-2020-37228

The CVE-2020-37228 entry concerns iDS6 DSSPro Digital Signage System 6.2, where a CAPTCHA security bypass allows authentication bypass by requesting the autoLoginVerifyCode object. Attackers can obtain valid CAPTCHA codes via the login endpoint and use them to brute-force user accounts. The vulne...

CVSS 9.8, AI score 5.8, EPSS 0.00429
Exploits: 1, References: 4

ATTACKERKB
added 2026/05/16 3:25 p.m., 8 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, AI score 5.8, EPSS 0.00429
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/05/16 3:25 p.m., 12 views

EUVD-2020-31229

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, AI score 5.8, EPSS 0.00429
Exploits: 1, References: 4

Cvelist
added 2026/05/16 3:25 p.m., 39 views

CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, EPSS 0.00429
Exploits: 1, References: 4

Vulnrichment
added 2026/05/16 3:25 p.m., 12 views

CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, AI score 5.8, EPSS 0.00429
Exploits: 1, References: 4

Positive Technologies
added 2026/05/16 12:00 a.m., 17 views

PT-2026-41428

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

CVSS 9.8, AI score 5.8, EPSS 0.00429
Exploits: 1, References: 5

GitHub Security Blog
added 2026/05/15 9:31 p.m., 11 views

Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

CVSS 9.8, AI score 5.5, EPSS 0.01709
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2026/05/15 9:31 p.m., 8 views

GHSA-CH9Q-C9MP-J5GQ Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

CVSS 9.8, AI score 5.5, EPSS 0.01709
Exploits: 0, References: 4

NVD
added 2026/05/15 7:17 p.m., 28 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, EPSS 0.01709
Exploits: 0, References: 3