PT-2026-42110
Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42 Description Password data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes memcmp, which can allow an attacker t...
PostgreSQL Security Vulnerability
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Security vulnerabilities existed in versions prior to PostgreSQL...
Brute Force
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Brute Force via the getapivideopasswordiscorrect API endpoint, which allows unauthenticated users to verify passwords for protected videos without rate limiting or...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
EUVD-2020-16107
Malware in sbrugna...
Weak Password Requirements
Overview Affected versions of this package are vulnerable to Weak Password Requirements via manipulation of the Senha/Confirmação da senha argument in the User Creation Page. An attacker can bypass strong password requirements by submitting weak passwords during user account creation. Remediation...
EUVD-2023-2909
Malicious code in bioql PyPI...
CVE-2025-10320
Dreamer CMS (it-eachyou Dreamer CMS) versions through 4.1.3.2 are affected by a vulnerability in the handling of /admin/user/updatePwd that results in weak password requirements. The root cause is an improper processing path for updatePwd, permitting a password policy bypass. Exploitation can be ...
CVE-2023-47111
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
CVE-2021-24881
The Passster WordPress plugin before 3.5.5.9 does not properly check the password, nor that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin and access arbitrary posts, such as private content, by sending a specifically crafted...
SUSE SLES15 Security Update : apparmor (SUSE-SU-2025:1193-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1193-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin...
PT-2024-4073 · NetGear · Netgear Wnr614
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 version N300-V1.1.0.54 1.0.1 Description: The issue is related to weak password requirements in the Netgear WNR614 N300 Wi-Fi router, allowing attackers to create passwords that do not conform to defined security standards. Thi...
ZKTeco ZKBioSecurity Security Vulnerabilities
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1 that originates from a vulnerability that allows an authenticated user to bypass password checks while exporting data from the application...
Race Condition
github.com/zitadel/zitadel is vulnerable to Race Condition. The vulnerability is caused by a failure in handling multiple parallel password checks correctly while checking for failed password check attempts. This can lead to an attacker trying more password combinations and exceed the maximum...
Default credentials
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
CVE-2023-47111
CVE-2023-47111 describes a race condition in ZITADEL’s lockout policy: an attacker could initiate multiple parallel password checks, enabling more attempts than the policy allows. The issue affects ZITADEL’s identity infrastructure and relates to the handling of failed password checks within the ...
ZITADEL Race Condition Vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. ZITADEL versions prior to 2.40.5 and 2.38.3 suffer from a race condition vulnerability that...
VulnCheck KEV: CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
DEBIAN-CVE-2023-28862
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...
PT-2023-22013 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.16.1 Description: An issue was discovered in LemonLDAP::NG that allows attackers to bypass 2FA verification due to weak session ID generation in the AuthBasic handler and incorrect failure handling during a...