11 matches found

NVD
added yesterday, 9 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

CVSS 6.9
Exploits: 0, References: 2

NVD
added yesterday, 8 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9
Exploits: 0, References: 2

NVD
added yesterday, 7 views

CVE-2026-35096

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1
Exploits: 0, References: 2

CVE
added yesterday, 10 views

CVE-2026-35098

KTM System e-BOK is affected by CVE-2026-35098 due to no rate limiting on login attempts, enabling brute-force attacks for user accounts. When paired with CVE-2026-35097 (six-digit numeric passwords), the risk increases. A patch was released in June 2026 to fix this issue. The CVSS metrics from C...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 2

CVE
added yesterday, 6 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 23 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

CVSS 6.9
Exploits: 0, References: 2

ATTACKERKB
added yesterday, 3 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 3

EUVD
added yesterday, 5 views

EUVD-2026-40323

KTM System e-BOK is vulnerable to Cross-Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

CVSS 5.1, AI score 5.8
Exploits: 0, References: 2

CVE
added yesterday, 8 views

CVE-2026-35096

KTM System e-BOK is affected by a Cross-Site Request Forgery (CSRF) in the email-change and password-change functions. The issue allows an attacker to lure an authenticated user to a malicious site that issues forged requests to perform an email or password change without user interaction. Root c...

CVSS 5.1, AI score 5.8
Exploits: 0, References: 2

CVE
added yesterday, 6 views

CVE-2026-35095

Technical details (affected products/components, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

CVSS 4.8, AI score 5.7
Exploits: 0, References: 2

Cvelist
added yesterday, 23 views

CVE-2026-35095 Session fixation in KTM System e-BOK

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS 4.8
Exploits: 0, References: 2