Lucene search
K

24847 matches found

Nuclei
Nuclei
added 9 hours ago26 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6.2AI score0.14847EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago73 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.4AI score0.0102EPSS
Exploits2References4
NVD
NVD
added yesterday4 views

CVE-2026-5040

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-5040

The CVE-2026-5040 entry applies to TP-Link Deco M5 v1. The issue stems from a weak password hashing mechanism used to store user credentials. An attacker who obtains the password hash via system compromise or privileged access could perform brute-force or dictionary attacks. Practical consequence...

7.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-9561

CVE-2026-9561 affects Eclipse Kura before 5.6.2. The Web Console (org.eclipse.kura.web2) and REST API (org.eclipse.kura.rest.provider) trust the client-controlled X-Forwarded-For header as the primary source for client IP in audit contexts, and Jetty’s ForwardedRequestCustomizer is installed on a...

8.8CVSS6.1AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-9561

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS0.00204EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43560

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-61458

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS0.00304EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-61458

PasswordPusher

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS0.00304EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-57691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57401

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through = 1.8.0...

9.9CVSS0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57691 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-57885

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.9.2 Description An issue exists where passphrase-protected pushes are susceptible to brute-force attacks. The 'POST /p/:token/access' endpoint lacks route-specific rate limiting and per-push lockout mechanism...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-57712

Name of the Vulnerable Software and Affected Versions SureDash versions prior to 1.8.1 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in the SureDash plugin. This flaw allows an attacker to access files and directories outside the...

9.9CVSS6.1AI score0.00382EPSS
Exploits0References3
Rows per page
Query Builder