36 matches found

Snyk
added 2026/05/14 9:22 p.m. | 5 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

CVSS 6.9 | AI score 5.7 | EPSS 0.0043
Exploits 0 | References 2
Packet Storm
added 2026/01/23 12:0 a.m. | 121 views

📄 Soosyze CMS 2.0 Brute Forcer

Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint. Title: Soosyze CMS 2.0...

CVSS 5.4 | AI score 5.5 | EPSS 0.0081
Exploits 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-19101

Malware in sbrugna...

CVSS 7.5 | AI score 7.8 | EPSS 0.00907
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15580

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00451
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15582

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00451
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15581

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00451
Exploits 0 | References 5
RedhatCVE
added 2025/05/22 2:41 a.m. | 8 views

CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...

CVSS 9.8 | AI score 7.3 | EPSS 0.02504
Exploits 0 | References 1
Github Security Blog
added 2025/05/17 3:7 p.m. | 24 views

laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 7.1 | EPSS 0.00451
Exploits 0 | References 5 | Affected Software 1
OSV
added 2025/05/17 3:7 p.m. | 9 views

GHSA-9FWJ-9MJF-RHJ3 laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 9 | EPSS 0.00451
Exploits 0 | References 5
OSV
added 2025/05/17 3:7 p.m. | 7 views

GHSA-2F4R-34M4-3W8Q Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS 9.1 | AI score 9.1 | EPSS 0.00451
Exploits 0 | References 5
Tenable Nessus
added 2025/03/06 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-8260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input...

CVSS 7.3 | AI score 7.2 | EPSS 0.00321
Exploits 0 | References 1
CNNVD
added 2025/03/04 12:0 a.m. | 3 views

Red Hat WildFly Elytron Security Vulnerability

Red Hat WildFly Elytron is a security framework for application servers from Red Hat USA. The product supports features such as configuring administrative access rights to servers. A security vulnerability exists in Red Hat WildFly Elytron, which stems from an insufficiently restricted...

CVSS 9.8 | AI score 8 | EPSS 0.00799
Exploits 1 | References 3
RedhatCVE
added 2024/09/02 6:10 a.m. | 18 views

CVE-2024-8260

An SMB force-authentication vulnerability exists in all versions of OPA. The vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or one of the OPA Go library’s functions. Mitigation: Mitigation for...

CVSS 6.1 | AI score 6.2 | EPSS 0.00321
Exploits 0 | References 4
Github Security Blog
added 2024/08/30 3:31 p.m. | 19 views

OPA for Windows has an SMB force-authentication vulnerability

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

CVSS 7.3 | AI score 7.1 | EPSS 0.00321
Exploits 0 | References 6 | Affected Software 1
OSV
added 2024/08/30 3:31 p.m. | 7 views

GHSA-C77R-FH37-X2PX OPA for Windows has an SMB force-authentication vulnerability

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

CVSS 6.1 | AI score 6.7 | EPSS 0.00321
Exploits 0 | References 6
CVE
added 2024/08/30 12:22 p.m. | 294 views

CVE-2024-8260

Technical details for CVE-2024-8260 are not publicly available in the provided connected documents. The initial description mentions OPA on Windows and an SMB force-authentication issue, but no concrete affected versions, impact, exploit data, or fixes are given here. Monitor for updates.

CVSS 7.3 | AI score 6.8 | EPSS 0.00321
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/08/30 12:22 p.m. | 25 views

CVE-2024-8260 OPA SMB Force-Authentication

A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s...

CVSS 6.1 | AI score 7 | EPSS 0.00321
Exploits 0 | References 1
Positive Technologies
added 2024/08/30 12:0 a.m. | 4 views

PT-2024-38897 · Unknown +1 · Opa Go Library +1

Name of the Vulnerable Software and Affected Versions: OPA for Windows versions prior to 0.68.0. Description: A SMB force-authentication vulnerability exists due to improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one ...

CVSS 7.3 | AI score 7.8 | EPSS 0.00321
Exploits 0 | References 41
hivepro
added 2023/09/12 5:6 a.m. | 84 views

Akira Ransomware Exploits Cisco Zero-Day Vulnerability

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-20269, is a concerning security issue that impacts the remote access VPN feature of Cisco ASA Adaptive Security Appliance and FTD Firepower Threa...

AI score 6.8 | EPSS 0.21583
Exploits 0
NVD
added 2023/07/25 2:15 p.m. | 23 views

CVE-2023-3548

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack...

CVSS 9.8 | AI score 9.3 | EPSS 0.00447
Exploits 0 | References 2