19 matches found

OSV
added 2026/05/22 1:22 p.m., 2 views

OESA-2026-2443 postgresql-jdbc security update

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. It is an open source JDBC driver written in pure Java (Type 4) and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

CVSS 7.5 · AI score 7 · EPSS 0.00043
Exploits 0 · References 2
OSV
added 2026/05/05 8:09 p.m., 1 view

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary: pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact: A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

CVSS 7.5 · AI score 5.8 · EPSS 0.00043
Exploits 0 · References 4
NVD
added 2026/04/29 4:16 p.m., 0 views

CVE-2026-42198

pgjdbc is an open source PostgreSQL JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVSS 7.5 · EPSS 0.00043
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 9:06 a.m., 2 views

CVE-2024-34419

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0...

CVSS 5.9 · AI score 5.2 · EPSS 0.00279
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-34780

Malicious code in bioql (PyPI)...

CVSS 5.9 · AI score 6.4 · EPSS 0.00279
Exploits 0 · References 1
Vulnrichment
added 2025/09/30 10:04 a.m., 1 view

CVE-2025-8118 Bruteforce Protection Bypass in PAD CMS

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

CVSS 6.9 · AI score 6.4 · EPSS 0.00037
Exploits 0 · References 1
Positive Technologies
added 2025/09/30 12:00 a.m., 1 view

PT-2025-39967

Name of the Vulnerable Software and Affected Versions: PAD CMS (affected versions not specified). Description: The software utilizes weak client-side brute-force protection relying on cookies, specifically login count and login timeout. The attempt count and timeout information are not stored...

CVSS 10 · AI score 6.4 · EPSS 0.00868
Exploits 0 · References 3
OpenVAS
added 2025/05/07 12:00 a.m., 3 views

Configure a Proper Value for LoginGraceTime

LoginGraceTime is used to limit the login time of a user. If a user does not complete the login within the time specified by LoginGraceTime, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 60, in seconds. If this field is set to a...

AI score 6.9
Exploits 0 · References 3
CVE
added 2024/05/09 11:31 a.m., 21 views

CVE-2024-34419

CVE-2024-34419: Stored XSS in the WordPress plugin Configure Login Timeout (Nathan Vonnahme). The issue is triggered by improper input neutralization during web-page generation, affecting Configure Login Timeout versions up to 1.0 (no details on patch/version beyond 1.0). Attacker requires high p...

CVSS 5.9 · AI score 5.2 · EPSS 0.00279
Exploits 0 · References 1
Vulnrichment
added 2024/05/09 11:31 a.m., 8 views

CVE-2024-34419 WordPress Configure Login Timeout plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS. This issue affects Configure Login Timeout: from n/a through 1.0...

CVSS 5.9 · AI score 5.8 · EPSS 0.00279
Exploits 0 · References 1
Positive Technologies
added 2024/05/09 12:00 a.m., 1 view

PT-2024-25871 · Unknown · Configure Login Timeout

Name of the Vulnerable Software and Affected Versions: Configure Login Timeout versions from n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: F...

CVSS 5.9 · AI score 5.9 · EPSS 0.00279
Exploits 0 · References 2
Patchstack
added 2024/05/06 9:44 p.m., 1 view

WordPress Configure Login Timeout plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Sharanabasappa (Patchstack Alliance) in WordPress Plugin Configure Login Timeout versions <= 1.0...

CVSS 5.9 · AI score 6.1 · EPSS 0.00279
Exploits 0 · Affected Software 1
Patchstack
added 2024/05/06 12:00 a.m., 6 views

WordPress Configure Login Timeout Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Configure Login Timeout; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34419; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: eea64f2b0ecf; Credits: Sharanabasappa; Required privilege...

CVSS 5.9 · AI score 6.6 · EPSS 0.00279
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/06/27 12:00 a.m., 1 view

i-doit Open cross-site scripting vulnerability

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit Open v24, which stems from a timeout parameter on the login page containing reflected cross-site scripting (XSS)...

CVSS 5.4 · AI score 5.3 · EPSS 0.00753
Exploits 1 · References 3
Japan Vulnerability Notes
added 2016/06/14 4:55 a.m., 6 views

ETX-R vulnerable to cross-site request forgery

Overview: ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 8.8 · AI score 6.7 · EPSS 0.00129
Exploits 0 · References 5
Japan Vulnerability Notes
added 2016/06/14 12:00 a.m., 28 views

JVN#61317238: ETX-R vulnerable to cross-site request forgery

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Apply a workaround. The following workarounds may mitigate the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00129
Exploits 0
OpenVAS
added 2008/09/24 12:00 a.m., 33 views

Debian: Security Advisory (DSA-1638-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 9.3 · AI score 8.1 · EPSS 0.02554
Exploits 7 · References 3
OSV
added 2008/09/18 3:04 p.m., 20 views

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection sl...

AI score 7.9
Exploits 0 · References 10
CERT
added 2001/09/17 12:00 a.m., 29 views

Beck IPC@Chip TelnetD vulnerable to account lockout via idle telnet connection

Overview: There is a vulnerability in the Beck IPC@CHIP that allows an attacker to create a denial-of-service condition. Description: The Beck IPC@CHIP is a single-chip embedded webserver. This device contains a telnet server that is configured by default to not have a login timeout. Additionally,...

CVSS 5 · AI score 6.1 · EPSS 0.01786
Exploits 0 · References 3