org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

EUVD-2026-30284

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

EUVD-2026-25406

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissionsread permission callback unconditionally returns true via returntrue instead of checking for...

PT-2026-34864

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions read permission callback unconditionally returns true via return true instead of checking for...

CVE-2026-3106

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

CVE-2026-3106

CVE-2026-3106 describes a Blind Cross-Site Scripting (XSS) vulnerability in Teampass, affecting versions prior to 3.1.5.16. The issue resides in the password manager login flow, specifically the login form parameter labeled ‘contraseña’ in the redacted/index.php page. During failed authentication...

EUVD-2026-17345

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

CVE-2026-3106

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

CVE-2026-3106 Multiple vulnerabilities in Teampass

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

PT-2026-29212

Name of the Vulnerable Software and Affected Versions Teampass versions prior to 3.1.5.16 Description The application does not properly clean or encode user-provided information during failed authentication attempts. Specifically, the contraseña parameter within the login form at...

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

EUVD-2025-206412

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

CVE-2025-35021

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

CVE-2025-35021

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

CVE-2025-35021

Technical details for CVE-2025-35021 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are specified here; monitor for official advisories for concrete information.

Abilis CPX 安全漏洞

Abilis CPX is a software platform for a range of, voice and data network management equipment from Abilis, Italy. A security vulnerability exists in Abilis CPX that originates from the ability to log into a restricted shell after three failed SSH authentication attempts, which could lead to a...

EUVD-2007-5380

Malware in sbrugna...

CVE-2025-58587

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials...

CVE-2025-58587 Improper Restriction of Excessive Authentication Attempts

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials...

EUVD-2025-32507

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials...