CVE-2025-8118 Bruteforce Protection Bypass in PAD CMS

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

Authentication flaw

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn...