Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-41714

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00578EPSS
Exploits0References1
NVD
NVD
added 2025/09/20 7:15 a.m.4 views

CVE-2025-10658

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/23 3:41 p.m.20 views

CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS

Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...

8.7CVSS0.00361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:37 a.m.6 views

CVE-2024-45404

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...

8.1CVSS7.2AI score0.00578EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 2:2 a.m.11 views

CVE-2024-45404

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...

8.1CVSS0.00578EPSS
Exploits0References1
OSV
OSV
added 2024/12/11 10:1 p.m.5 views

CVE-2024-45404 OpenCTI's lack of Rate Limit lead to OTP brute forcing

OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...

8.1CVSS7AI score0.00578EPSS
Exploits0References3
CVE
CVE
added 2024/12/11 10:1 p.m.77 views

CVE-2024-45404

CVE-2024-45404 affects OpenCTI prior to 6.2.18. The root cause is the absence of rate limiting on the OTP mechanism, specifically the otpLogin mutation, enabling an attacker with valid credentials (or a malicious insider) to bypass two-factor authentication and hijack an account. Evidence from mu...

8.1CVSS7.3AI score0.00578EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.6 views

PT-2024-31608 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.2.18 Description: The issue affects the two-factor authentication mechanism in OpenCTI, an open-source cyber threat intelligence platform. Due to the lack of a function to limit the rate of One Time Passwords OTPs,...

8.1CVSS6.4AI score0.00578EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/11 11:56 a.m.39 views

CVE-2024-45788 No Rate Limiting Vulnerability

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP...

8.7CVSS0.00498EPSS
Exploits0References1
Rows per page
Query Builder