3169 matches found

NVD
added 2 days ago, 7 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1 | EPSS 0.00157
Exploits: 0 | References: 2

NVD
added 2 days ago, 8 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9 | EPSS 0.00249
Exploits: 0 | References: 2

NVD
added 2 days ago, 9 views

CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS 4.8 | EPSS 0.00145
Exploits: 0 | References: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-40324

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 2

Cvelist
added 2 days ago, 29 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9 | EPSS 0.00249
Exploits: 0 | References: 2

Cvelist
added 2 days ago, 32 views

CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

CVSS 6.9 | EPSS 0.00323
Exploits: 0 | References: 2

CVE
added 2 days ago, 6 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 2

CVE
added 2 days ago, 10 views

CVE-2026-35098

KTM System e-BOK is affected by CVE-2026-35098 due to no rate limiting on login attempts, enabling brute-force attacks for user accounts. When paired with CVE-2026-35097 (six-digit numeric passwords), the risk increases. A patch was released in June 2026 to fix this issue. The CVSS metrics from C...

CVSS 6.9 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 2

EUVD
added 2 days ago, 6 views

EUVD-2026-40325

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

CVSS 6.9 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 2

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

CVSS 6.9 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 3

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 3

CVE
added 2 days ago, 8 views

CVE-2026-35096

KTM System e-BOK is affected by a Cross-Site Request Forgery (CSRF) in the email-change and password-change functions. The issue allows an attacker to lure an authenticated user to a malicious site that issues forged requests to perform an email or password change without user interaction. Root c...

CVSS 5.1 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 2

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 3

EUVD
added 2 days ago, 5 views

EUVD-2026-40323

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 2

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS 4.8 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 3

EUVD
added 2 days ago, 5 views

EUVD-2026-40322

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS 4.8 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 2

CVE
added 2 days ago, 6 views

CVE-2026-35095

Technical details (affected products/components, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

CVSS 4.8 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 2

Circl
added 3 days ago, 5 views

CVE-2026-41896

creationtimestamp | type | source
---|---|---
2026-06-29 23:13:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mphmhrstrp2h
2026-06-29 23:18:12+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mphmq3627t2n...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 2

Circl
added 3 days ago, 6 views

CVE-2026-13580

creationtimestamp | type | source
---|---|---
2026-06-29 16:49:26+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgwyvgzlc25
2026-06-29 17:29:38+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgzarylj723
2026-06-29 22:08:27+00:00 | seen | ...

CVSS 9 | AI score 7.3 | EPSS 0.00445
Exploits: 0 | References: 3

Circl
added 3 days ago, 6 views

CVE-2026-57333

creationtimestamp | type | source
---|---|---
2026-06-29 16:28:28+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgvtgfetf2o
2026-06-29 16:59:37+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgxl4dxci2b
2026-06-29 20:40:15+00:00 | seen | ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 3