Lucene search
+L

22 matches found

Cvelist
Cvelist
added 2025/10/17 12:0 a.m.14 views

CVE-2025-56221

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack...

0.00561EPSS
Exploits0References1
OSV
OSV
added 2025/08/20 4:16 a.m.4 views

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2025/08/20 4:16 a.m.12 views

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9CVSS0.02721EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2025/08/20 12:0 a.m.2 views

CVE-2025-57788 Unauthorized API Access Risk

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9CVSS6.9AI score0.02721EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2025/08/08 6:10 p.m.4 views

CVE-2012-10047

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...

10CVSS6.6AI score0.00927EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/05 12:4 p.m.10 views

CVE-2025-27456

The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...

7.5CVSS6.6AI score0.00508EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.5 views

PT-2025-27785 · Endress+Hauser · Endress+Hauser Meac300-Fnade4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The login mechanism of the affected system does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to...

7.5CVSS6.3AI score0.00508EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.8 views

PT-2025-25321 · Sick Ag · Sick Media Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a login mechanism that does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromise the server. Recommendations...

5.3CVSS6.3AI score0.00453EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/12/31 1:32 a.m.7 views

CVE-2024-12839 Changing Information Technology CGFIDO - Authentication Bypass

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...

8.8CVSS7.5AI score0.00687EPSS
Exploits0References2
OSV
OSV
added 2024/06/07 10:28 p.m.22 views

GHSA-3X57-M5P4-RGH4 ZendOpenID potential security issue in login mechanism

Using the Consumer component of ZendOpenId or ZendOpenId in ZF1, it is possible to login using an arbitrary OpenID account without knowing any secret information by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity MyOpenID, Google, etc,...

7.5CVSS7.2AI score
Exploits0References5
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1443 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01394EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1441 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01394EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.6 views

OESA-2024-1445 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

8.1CVSS6.8AI score0.01394EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/07 4:4 p.m.19 views

CVE-2022-41333

An uncontrolled resource consumption vulnerability CWE-400 in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...

7.5CVSS7.1AI score0.0723EPSS
Exploits3References2
Cvelist
Cvelist
added 2021/10/13 4:55 p.m.25 views

CVE-2021-35498 TIBCO EBX Insecure Login Mechanism

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it...

9.8CVSS9.7AI score0.01271EPSS
Exploits0References2
0day.today
0day.today
added 2020/07/15 12:0 a.m.237 views

Online Polling System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Polling System 1.0 - Authentication Bypass Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass...

0.2AI score
Exploits0
OSV
OSV
added 2017/07/12 2:29 p.m.20 views

CVE-2017-11187

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly...

9.8CVSS6.9AI score
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2014/02/17 3:37 p.m.11 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/17 3:37 p.m.10 views

Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

More info at https://framework.zend.com/security/advisory/ZF2014-02...

7.2AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2013/02/26 5:45 p.m.7 views

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...

7.4AI score
Exploits0
Rows per page
Query Builder