13 matches found
EUVD-2026-36793
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...
CVE-2026-49953
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...
CVE-2026-49953 Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...
PT-2026-5404
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub 40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...
MiracleLinux 3 : squirrelmail-1.4.8-21.AXS3 (AXSA:2013-274:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-274:01 advisory. SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render...
CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
EUVD-2023-41265
Malicious code in bioql PyPI...
Gen Z breakups tainted by login abuse for spying and stalking, research shows
Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security. According to a new analysis of research released earlier this...
PT-2023-25932 · Weintek · Weintek Weincloud
Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to abuse the registration functionality to login with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...
PT-2022-26163 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.4.2 XWiki Platform versions prior to 14.6RC1 Description: The issue allows an attacker to create many new schemas and fill them with tables by using a crafted user...
Roxy-WI SQL注入漏洞
Roxy-WI is a web interface for managing Haproxy, Nginx, and Keepalived servers. SQL injection vulnerabilities exist in Roxy-WI 5.2.2.0 and earlier versions, and attackers can use checklogin to extract a valid uuid to bypass authentication...
D-Link DIR-2640-US Incorrect Access Control Vulnerability
The D-Link DIR-2640-US is a network router device. A security vulnerability exists in the D-Link DIR-2640-US, which can be exploited by an attacker to use telnet login, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and phishing attacks...
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For
How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if yo...