
2005 matches found

NVD
added 2026/04/22 9:16 a.m., 7 views

CVE-2026-4121

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wp_nonce_field and the form processing code...

CVSS 4.3, EPSS 0.00178
Exploits: 0, References: 7
Vulnrichment
added 2026/04/22 7:45 a.m., 3 views

CVE-2026-4121 Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wp_nonce_field and the form processing code...

CVSS 4.3, AI score 5.7, EPSS 0.00178
Exploits: 0, References: 7
ATTACKERKB
added 2026/04/22 7:45 a.m., 4 views

CVE-2026-4121

The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wp_nonce_field and the form processing code...

CVSS 4.3, AI score 5.7, EPSS 0.00178
Exploits: 0, References: 8
CVE
added 2026/04/22 7:45 a.m., 11 views

CVE-2026-4121

The CVE concerns the WordPress Kcaptcha plugin (versions update(), enabling unauthenticated attackers to alter CAPTCHA settings (e.g., enabling/disabling CAPTCHA for login, registration, lost password, and comments) through a forged request if a site admin is tricked into performing an action. Co...

CVSS 4.3, AI score 5.7, EPSS 0.00178
Exploits: 0, References: 7
Positive Technologies
added 2026/04/22 12:0 a.m., 11 views

PT-2026-34288

Name of the Vulnerable Software and Affected Versions: Kcaptcha versions prior to 1.0.2. Description: The Kcaptcha plugin for WordPress is subject to Cross-Site Request Forgery. The issue exists in the settings page handler 'admin/setting.php' because it lacks nonce validation. Specifically, the...

CVSS 4.3, AI score 5.7, EPSS 0.00178
Exploits: 0, References: 10
NVD
added 2026/04/21 11:16 p.m., 6 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, EPSS 0.00218
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/21 10:21 p.m., 8 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/21 10:21 p.m., 4 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 2
Cvelist
added 2026/04/21 10:21 p.m., 31 views

CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, EPSS 0.00218
Exploits: 1, References: 2
EUVD
added 2026/04/21 10:21 p.m., 3 views

EUVD-2026-24527

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 2
CVE
added 2026/04/21 10:21 p.m., 18 views

CVE-2026-40935

WWBN/AVideo (versions ≤ 29.0) is affected by a CAPTCHA bypass involving objects/getCaptcha.php. The ql parameter is read directly from the query string without clamping or sanitization, allowing an unauthenticated client to request a 1-character CAPTCHA word. Coupled with a case-insensitive strca...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2026/04/21 5:10 p.m., 10 views

EUVD-2026-24182

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 1
Vulnrichment
added 2026/04/21 5:10 p.m., 3 views

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 1
CVE
added 2026/04/21 10:4 a.m., 13 views

CVE-2026-41037

CVE-2026-41037 affects a Quantum Networks router, where inadequate sanitization of user input in the management CLI interface permits an authenticated remote attacker to inject arbitrary OS commands, enabling remote code execution with root privileges. The CVSSv4 base score is 8.7 (HIGH), wit...

CVSS 8.8, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/04/21 10:4 a.m., 29 views

CVE-2026-41037 Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, EPSS 0.00196
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/21 10:4 a.m., 7 views

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 2
Vulnrichment
added 2026/04/21 10:4 a.m., 3 views

CVE-2026-41037 Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1
CNNVD
added 2026/04/21 12:0 a.m., 10 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the objects/getCaptcha.php file, which directly accepts the CAPTCHA length from the query string...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 1
CNNVD
added 2026/04/21 12:0 a.m., 6 views

Quantum Networks Router Security Vulnerability

The Quantum Networks router is a network routing device developed by the Indian company Quantum Networks. The Quantum Networks router has a security vulnerability. This vulnerability stems from the lack of rate-limiting mechanisms and CAPTCHA protection in the web-based management interface. As a...

CVSS 8.8, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1
Positive Technologies
added 2026/04/21 12:0 a.m., 7 views

PT-2026-34200

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3, AI score 5.8, EPSS 0.00218
Exploits: 1, References: 4