Lucene search
K

1313 matches found

NVD
NVD
added 2026/07/01 1:17 p.m.5 views

CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, furthermore, password resets are not limited in any way. An attacker who...

7.1CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.18 views

CVE-2026-53904

CVE-2026-53904 affects MCO; vulnerability is an Account Denial of Service due to improper password-reset implementation. The description across sources states that every reset request invalidates the current password and any issued temporary passwords, with no limits on reset requests. An attacke...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 4:9 p.m.11 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:18 p.m.3 views

GHSA-R4V7-6WCG-GHJ5 FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks

Summary The /api/auth/login endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerability...

6.5CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:2 p.m.3 views

CVE-2026-56450

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 4:17 p.m.14 views

CVE-2026-56228

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.23 views

CVE-2026-56228

Capgo before 12.128.2 is vulnerable to improper password policy length validation. An authenticated organization administrator can set an extremely large minimum password length value, causing all users to fail password changes and effectively lock out the organization, resulting in an applicatio...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56228 Capgo - Denial of Service via Improper Password Policy Length Validation

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56212

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS0.00206EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38094

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 12:14 a.m.5 views

CVE-2026-56212

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 12:14 a.m.9 views

EUVD-2026-38098

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.17 views

CVE-2026-56080

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 9:39 p.m.15 views

CVE-2026-56080

Capgo before 12.128.2 has an Enforce Password Policy flaw: after a Super Admin enables the policy and sets a compliant password, the backend does not update the password‑compliance state, so the account remains non‑compliant and the system repeatedly prompts for password resets, effectively locki...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.21 views

CVE-2026-56080 Cap-go - Authentication Logic Flaw in Enforce Password Policy

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Tomcat9

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protections provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS6.7AI score0.09886EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.15 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. A race condition in the password lockout code may lead to the risk of brute-force attacks succeeding if certain conditions are met...

5.9CVSS6.6AI score0.00758EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51038

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/15 6:1 p.m.9 views

Brute Force Attack

Yamcs Core is vulnerable to Brute Force Attack. The vulnerability is due to the absence of rate limiting, account lockout, and failed login throttling on the /auth/token endpoint, which allows an attacker to perform unlimited password-guessing attempts and conduct brute-force attacks against user...

5.2AI score0.00052EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder