Lucene search
K

347 matches found

attackerkb
attackerkb
added 2026/05/15 6:36 p.m.6 views

CVE-2026-45010

phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...

9.1CVSS6AI score0.00339EPSS
Exploits0References3
osv
osv
added 2026/05/06 8:42 p.m.8 views

GHSA-9PQ7-MFWH-XX2J phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.1CVSS6.1AI score0.00339EPSS
Exploits0References4
nvd
nvd
added 2026/04/20 4:16 p.m.6 views

CVE-2026-24467

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9.8CVSS0.009EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/04/20 3:40 p.m.2 views

CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9CVSS5.7AI score0.009EPSS
Exploits1References4
euvd
euvd
added 2026/04/20 3:40 p.m.4 views

EUVD-2026-23882

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9CVSS5.7AI score0.009EPSS
Exploits1References4
cve
cve
added 2026/04/20 3:40 p.m.37 views

CVE-2026-24467

OpenAEV (versions 1.0.0 up to 2.0.12) suffers password reset token weaknesses that enable unauthenticated account takeover and platform compromise. The root cause is password reset tokens that never expire and are only 8 digits long, allowing token accumulation and rapid brute-forcing across mult...

9.8CVSS5.7AI score0.009EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/04/20 3:40 p.m.28 views

CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9CVSS0.009EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/20 3:40 p.m.4 views

CVE-2026-24467

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable...

9CVSS5.7AI score0.009EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.15 views

PT-2026-33787

Name of the Vulnerable Software and Affected Versions OpenAEV versions 1.0.0 through 2.0.12 Description The password reset implementation contains security weaknesses that allow for reliable account takeover. Password reset tokens do not expire and remain valid indefinitely, even after new tokens...

9.8CVSS5.5AI score0.009EPSS
Exploits1References12
redhatcve
redhatcve
added 2026/04/02 10:53 a.m.5 views

CVE-2026-2696

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/01 6:0 a.m.5 views

CVE-2026-2696

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS including private posts in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1
cve
cve
added 2026/04/01 6:0 a.m.19 views

CVE-2026-2696

The CVE-2026-2696 entry concerns the WordPress plugin Export All URLs (versions before 5.1). Affected component: the plugin’s CSV filename generation uses a predictable pattern based on a random 6‑digit number, and exported CSVs are stored in publicly accessible wp-content/uploads. This enables a...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:16 p.m.3 views

CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

4.4CVSS5.8AI score0.00107EPSS
Exploits0References1
susecve
susecve
added 2026/03/25 12:28 a.m.3 views

SUSE CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS6AI score0.00124EPSS
Exploits0References3
susecve
susecve
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

4.4CVSS5.9AI score0.00107EPSS
Exploits0References3
nessus
nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References3
snyk
snyk
added 2026/03/24 12:32 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in numbertodelimited in the NumberToDelimitedConverter. An attacker can cause...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References2
osv
osv
added 2026/03/24 12:16 a.m.7 views

DEBIAN-CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

5.3CVSS4.4AI score0.00498EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/23 11:7 p.m.22 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS0.00498EPSS
Exploits0References7
osv
osv
added 2026/03/23 11:7 p.m.5 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References9
Rows per page
Query Builder