Lucene search
K

347 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 11:7 p.m.2 views

CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/23 8:52 p.m.12 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS5AI score0.00498EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a logical error in the setPassword.json.php endpoint of the CustomizeUser plugin. This error could cau...

9.1CVSS5.8AI score0.00342EPSS
Exploits1References2
NVD
NVD
added 2026/03/22 3:16 a.m.4 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/03/22 3:16 a.m.4 views

UBUNTU-CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.8AI score0.00135EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/22 2:16 a.m.3 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.3AI score0.00135EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.8 views

PT-2026-26962

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.5 Description SOGo does not properly renew One-Time Passwords OTPs when a user disables and re-enables them. Additionally, the generated OTPs have a length of only 12 digits, which is shorter than the recommended 20...

2.6CVSS6AI score0.00135EPSS
Exploits0References23
OSV
OSV
added 2026/03/13 9:41 p.m.4 views

CVE-2026-32729 Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References3
CVE
CVE
added 2026/03/13 9:41 p.m.19 views

CVE-2026-32729

Runtipi CVE-2026-32729: The /api/auth/verify-totp endpoint lacks rate limiting, attempt counting, and account lockout prior to version 4.8.1, allowing brute-forcing of a 6-digit TOTP if valid credentials are known. The TOTP verification session lasts ~24 hours (default cache TTL), enabling a larg...

8.8CVSS5.9AI score0.0034EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/11 6:16 p.m.4 views

CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

4.4CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 5:43 p.m.27 views

CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

3.6CVSS0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 5:43 p.m.13 views

CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

3.6CVSS5.8AI score0.00107EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 5:43 p.m.1 views

CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

3.6CVSS5.8AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:43 p.m.3 views

CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

3.6CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software3
Snyk
Snyk
added 2026/03/11 3:33 p.m.2 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force in the challenge process. An attacker can gain unauthorized access to the local gRPC API by bypassing the 4-digit code authentication mechanism. This is only exploitable if the attacker has local user-level access to the...

4.4CVSS5.9AI score0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24757

Name of the Vulnerable Software and Affected Versions Anytype Heart versions prior to 0.48.4 Anytype-CLI versions prior to 0.1.11 Anytype Desktop versions prior to 0.54.5 Description The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain...

9.9CVSS7AI score0.22162EPSS
Exploits70References137
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS5.5AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Red Hat Satellite 安全漏洞

Red Hat Satellite is a system management platform developed by the American company Red Hat. This platform can be used to expand Linux infrastructure and provides system management functions such as administration, configuration, and monitoring. Red Hat Satellite 6.16 for RHEL 8 contains security...

7.5CVSS5.8AI score0.00468EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/26 7:35 p.m.9 views

EUVD-2026-8826

Fleet: Device lock PIN can be predicted if lock time is known...

4.1CVSS5.2AI score0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 5:37 p.m.23 views

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

6.3CVSS0.003EPSS
Exploits0References3
Rows per page
Query Builder