3 matches found
PT-2026-45995
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...
CVE-2025-52392
CVE-2025-52392 affects Soosyze CMS 2.0. The root cause is missing rate-limiting and account lockout on the /user/login endpoint, enabling brute-force login attempts and potentially unauthorized administrative access. Public sources in connected documents describe a brute-force tool and PoC usage,...
PT-2023-24767 · Tgstation · Tgstation
Name of the Vulnerable Software and Affected Versions: TGstation versions prior to 5.12.5 Description: TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server TGS, an attacker could discover their username by...