Lucene search
K

28 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.12 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS0.00157EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 2:16 p.m.12 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 2:16 p.m.11 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.31 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 1:37 p.m.14 views

CVE-2026-35098

KTM System e-BOK is affected by CVE-2026-35098 due to no rate limiting on login attempts, enabling brute-force attacks for user accounts. When paired with CVE-2026-35097 (six-digit numeric passwords), the risk increases. A patch was released in June 2026 to fix this issue. The CVSS metrics from C...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.8 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 1:37 p.m.11 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 1:37 p.m.9 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 1:37 p.m.15 views

CVE-2026-35096

KTM System e-BOK is affected by a Cross-Site Request Forgery (CSRF) in the email-change and password-change functions. The issue allows an attacker to lure an authenticated user to a malicious site that issues forged requests to perform an email or password change without user interaction. Root c...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.7 views

EUVD-2026-40323

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS5.8AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 1:37 p.m.25 views

CVE-2026-35095

Technical details (affected products/components, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

4.8CVSS5.7AI score0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.35 views

CVE-2026-35095 Session fixation in KTM System e-BOK

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS0.00145EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2023/06/12 6:16 p.m.25 views

ktm-occasion.fr Cross Site Scripting vulnerability OBB-3420065

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/03/24 12:42 p.m.17 views

ktm-occasion.fr Cross Site Scripting vulnerability OBB-3232078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/03/24 12:41 p.m.18 views

ktm-albi.fr Cross Site Scripting vulnerability OBB-3232075

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/08/26 8:6 a.m.8 views

ktm-bike.pt Cross Site Scripting vulnerability OBB-1277047

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/07/11 11:15 p.m.15 views

arquivo.ktm-bike.pt Cross Site Scripting vulnerability OBB-1222209

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/07/07 3:15 a.m.9 views

ktm-bike.pt Cross Site Scripting vulnerability OBB-1217979

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Openbugbounty
Openbugbounty
added 2020/06/04 12:9 a.m.9 views

ktm-bike.pt Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1183187 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/01 2:59 p.m.11 views

ktm-bike.pt Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1180471 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.7AI score
Exploits0
Rows per page
Query Builder