
13 matches found

EUVD
added 2026/06/15 9:30 p.m. · 8 views

EUVD-2026-36793

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9 CVSS · 5.3 AI score · 0.00359 EPSS
Exploits 0 · References 4
NVD
added 2026/06/15 8:16 p.m. · 7 views

CVE-2026-49953

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9 CVSS · 0.00359 EPSS
Exploits 0 · References 4
Cvelist
added 2026/06/15 6:45 p.m. · 27 views

CVE-2026-49953 Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9 CVSS · 0.00359 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/01/30 12:0 a.m. · 10 views

PT-2026-5404

A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub 40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...

6.3 CVSS · 5.5 AI score · 0.00987 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2026/01/16 12:0 a.m. · 5 views

MiracleLinux 3 : squirrelmail-1.4.8-21.AXS3 (AXSA:2013-274:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-274:01 advisory. SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render...

5 CVSS · 6.4 AI score · 0.02451 EPSS
Exploits 0 · References 2
Cvelist
added 2025/12/09 1:25 a.m. · 28 views

CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5 CVSS · 0.0039 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-41265

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00511 EPSS
Exploits 0 · References 2
Malwarebytes
added 2024/07/18 12:36 p.m. · 13 views

Gen Z breakups tainted by login abuse for spying and stalking, research shows

Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security. According to a new analysis of research released earlier this...

7.4 AI score
Exploits 0
Positive Technologies
added 2023/07/19 12:0 a.m. · 6 views

PT-2023-25932 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to abuse the registration functionality to login with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...

8.8 CVSS · 8.5 AI score · 0.00511 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/11/21 12:0 a.m. · 7 views

PT-2022-26163 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.4.2 XWiki Platform versions prior to 14.6RC1 Description: The issue allows an attacker to create many new schemas and fill them with tables by using a crafted user...

7.5 CVSS · 5.8 AI score · 0.00518 EPSS
Exploits 0 · References 10
CNNVD
added 2021/08/07 12:0 a.m. · 6 views

Roxy-WI SQL Injection Vulnerability

Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...

9.8 CVSS · 5.9 AI score · 0.01286 EPSS
Exploits 0 · References 1
CNVD
added 2021/06/18 12:0 a.m. · 7 views

D-Link DIR-2640-US Incorrect Access Control Vulnerability

The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to use telnet login, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and phishing attacks...

8.1 CVSS · 6.9 AI score · 0.01631 EPSS
Exploits 1 · References 1
The Hacker News
added 2019/02/15 11:18 a.m. · 4 views

WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if yo...

6.8 AI score
Exploits 0