Lucene search
K

1068 matches found

Cvelist
Cvelist
added 2026/02/27 6:9 p.m.22 views

CVE-2026-27755 SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

9.8CVSS0.00402EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 6:9 p.m.13 views

CVE-2026-27753

CVE-2026-27753 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where an authentication bypass in the device management interface allows remote attackers to perform unlimited login attempts without account lockout or rate limiting. This network-vector vulnerability enables passwor...

6.9CVSS6AI score0.00328EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 6:9 p.m.5 views

CVE-2026-27753 SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate...

6.9CVSS6AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/02/25 5:25 p.m.9 views

CVE-2026-27705

Plane is an an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py lines 579–593 performs a global asset lookup using only the asset ID pk via FileAsset.objects.getid=pk, without verifying that the asset belong...

7.1CVSS0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20591

Name of the Vulnerable Software and Affected Versions Popup Builder – Create highly converting, mobile friendly marketing popups. versions prior to 4.4.3 Description The Popup Builder plugin for WordPress is susceptible to authorization bypass. This occurs because the plugin generates predictable...

5.3CVSS5.4AI score0.00372EPSS
Exploits0References7
OSV
OSV
added 2026/02/12 8:51 a.m.6 views

BIT-MOODLE-2025-67853 Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS5.6AI score0.00417EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 9:16 p.m.11 views

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

8.7CVSS0.00565EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/11 8:49 p.m.26 views

CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

8.7CVSS0.00565EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

ASTPP 安全漏洞

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a security vulnerability. This vulnerability stems from information leakage, and it could allow unverified attackers to download database backup files by predicting the file name pattern...

8.7CVSS5.8AI score0.00565EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.7 views

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.5 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 7:16 p.m.4 views

UBUNTU-CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.7AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.35 views

CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.7 views

EUVD-2026-5200

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.6 views

CVE-2026-25235

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.3AI score0.0025EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.8 views

Moodle Affected by Improper Restriction of Excessive Authentication Attempts

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS5.5AI score0.00417EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/03 11:15 a.m.9 views

CVE-2025-67853

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS0.00417EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 11:15 a.m.5 views

CVE-2025-67853

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 10:52 a.m.3 views

CVE-2025-67853 Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS5.5AI score0.00417EPSS
Exploits0References2
Rows per page
Query Builder