Lucene search
K

24769 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6805

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

7.5CVSS5.5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-24000

Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limitin...

6.9CVSS6.5AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-46356

Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...

7.5CVSS5.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

5.3CVSS5.5AI score0.00218EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

6.5CVSS5.3AI score0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44611

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

5.9CVSS5.5AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

8.8CVSS5.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41038

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading...

8.8CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.7AI score0.0054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6947

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...

8.7CVSS5.5AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33667

OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirmotp action of the twofactorauthentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing bruteforceblockafterfailedlogins setting...

7.4CVSS5.4AI score0.00296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.7 views

CVE-2026-42377

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.4AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42365

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...

8.6CVSS5.5AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-8760

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

9.8CVSS5.4AI score0.00595EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-8076

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

9.3CVSS5.4AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.16 views

CVE-2026-8697

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.8CVSS5.5AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.12 views

CVE-2024-0391

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

5.3CVSS5.5AI score0.00184EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 4:3 p.m.5 views

Brute Force

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Brute Force via the auth.service.ts file. An attacker can determine whether specific email addresses are registered by measuring the response time of sign-in attempts. Remediation Upgrade nocodb to version 0.301.3 or...

6.9CVSS5.3AI score0.00197EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 4:16 p.m.13 views

CVE-2026-36182

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack...

9.8CVSS0.0019EPSS
Exploits0References1
Rows per page
Query Builder