CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1294 matches found

Brute Force Attack

Yamcs Core is vulnerable to Brute Force Attack. The vulnerability is due to the absence of rate limiting, account lockout, and failed login throttling on the /auth/token endpoint, which allows an attacker to perform unlimited password-guessing attempts and conduct brute-force attacks against user...

5.2AI score0.00052EPSS

Exploits2References3Affected Software1

Vulnrichment•added 5 days ago•4 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.5AI score0.00258EPSS

Exploits0References2

Vulnrichment•added 6 days ago•6 views

CVE-2026-49973 Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the setpassword parameter to the settings API endpoint without any network origin restriction. Attackers on any reachable netwo...

9.4CVSS5.5AI score0.00543EPSS

Exploits0References5

SUSE Linux•added 6 days ago•4 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

8.7CVSS6.6AI score0.0078EPSS

Exploits1References28

Tenable Nessus•added 6 days ago•6 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Tomcat vulnerabilities (USN-8417-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8417-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request...

9.8CVSS8.2AI score0.0078EPSS

Exploits1References7

OSV•added 2026/06/10 6:44 a.m.•5 views

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.0078EPSS

Exploits1References7

Ubuntu•added 2026/06/10 6:44 a.m.•9 views

USN-8417-1: Tomcat vulnerabilities

9.8CVSS7.7AI score0.0078EPSS

Exploits1

CVE•added 2026/06/08 3:41 p.m.•14 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1770)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1770 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

9.8CVSS6.5AI score0.0078EPSS

Exploits1References16

CNNVD•added 2026/06/08 12:0 a.m.•7 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...

7.1CVSS5.4AI score0.00194EPSS

Exploits0References2

SUSE CVE•added 2026/06/06 3:25 a.m.•3 views

SUSE CVE-2025-6004

Vault and Vault Enterprise's “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS5.8AI score0.00381EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:48 p.m.•6 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5CVSS5.5AI score0.00368EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:44 p.m.•7 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.4AI score0.00236EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:35 p.m.•6 views

CVE-2026-5794

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.5AI score0.00256EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS5.5AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:25 p.m.•7 views

CVE-2026-44195

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...

6.5CVSS5.5AI score0.00318EPSS

Exploits1References1

Tenable Nessus•added 2026/06/05 12:0 a.m.•8 views

Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-8383-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8383-1 advisory. It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass...

9.8CVSS7.7AI score0.00559EPSS

Exploits1References4

RedhatCVE•added 2026/06/04 4:1 p.m.•11 views

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

6.4CVSS5.8AI score0.00139EPSS

Exploits0References1

Ubuntu•added 2026/06/04 1:15 p.m.•8 views

USN-8383-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. CVE-2026-43512 It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use...

9.8CVSS7.6AI score0.00559EPSS

Exploits1