Lucene search
K

1316 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Deciso OPNsense 安全漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained security vulnerabilities. These vulnerabilities were caused by logical flaws in the lockouthandler module, allowing...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 10:30 p.m.37 views

CVE-2026-44547 ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

9.6CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 10:30 p.m.11 views

CVE-2026-44547 ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

9.6CVSS5.8AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 10:30 p.m.21 views

CVE-2026-44547

CVE-2026-44547 affects ChurchCRM 7.2.0–7.2.2, where an incomplete fix for CVE-2026-4058 left the public login path exploitable. The hardening commit was merged but silently stripped from src/api/routes/public/public-user.php before any 7.2.x tag was cut, so all 7.2.x releases remain vulnerable. T...

9.6CVSS5.8AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:21 p.m.9 views

Improper Handling of Case Sensitivity

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames with different...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:21 p.m.12 views

Improper Handling of Case Sensitivity

Overview org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames wit...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:21 p.m.7 views

Improper Handling of Case Sensitivity

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:21 p.m.6 views

Improper Handling of Case Sensitivity

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 4:16 p.m.6 views

DEBIAN-CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 3:26 p.m.69 views

CVE-2026-43513 Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

0.00467EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 3:26 p.m.50 views

CVE-2026-43513

CVE-2026-43513 : Apache Tomcat has an improper handling of case sensitivity in LockOutRealm. Affects Tomcat 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 (older unsupported versions may also be affected). Upgrading...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.11 views

Apache Tomcat 10.1.0.M1 < 10.1.55 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.55. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.55security-10 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat...

9.8CVSS6.6AI score0.01339EPSS
Exploits2References18
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Security vulnerabilities exist in versions of Apache Tomcat ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.111 views

Apache Tomcat 9.0.0.M1 < 9.0.118 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.118. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.118security-9 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. Th...

9.8CVSS6.6AI score0.01339EPSS
Exploits2References18
OSV
OSV
added 2026/05/11 6:31 p.m.14 views

GHSA-HV9P-2PQF-R5W3 pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29088

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 6:31 p.m.8 views

Brute Force

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Brute Force due to improper enforcement of account lockout in the login. An attacker can bypass account lockout protections and perform unlimited password-guessing attempts by submitting valid credentials...

8.3CVSS5.8AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.17 views

CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.12 views

CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 2:35 p.m.13 views

CVE-2026-7820 pgAdmin 4: Account-lockout bypass via Flask-Security default /login view

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder