350 matches found

EUVD
added 4 days ago, 7 views

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g., billions of characters) as the minimum password length, making compliance...

CVSS 6.9 | AI score 5.9 | EPSS 0.00272
Exploits 0 | References 2
Debian CVE
added 2026/06/14 5:21 p.m., 7 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

CVSS 8.2 | AI score 5.3 | EPSS 0.00321
Exploits 0
OSV
added 2026/06/12 9:51 p.m., 5 views

GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

CVSS 8.7 | AI score 5.3 | EPSS 0.00061
Exploits 0 | References 4
GitHub Security Blog
added 2026/06/12 9:51 p.m., 10 views

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

AI score 5.3 | EPSS 0.00061
Exploits 0 | References 4 | Affected Software 2
Positive Technologies
added 2026/06/12 12:0 a.m., 9 views

PT-2026-49065

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00061
Exploits 0 | References 5
CNNVD
added 2026/06/09 12:0 a.m., 9 views

OpenSSL Cryptographic Issue Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

CVSS 9.1 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 6
Vulnrichment
added 2026/05/29 5:42 p.m., 11 views

CVE-2026-44611 MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

CVSS 5.9 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 3
Tenable Nessus
added 2026/05/27 12:0 a.m., 8 views

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.00355
Exploits 0 | References 2
OSV
added 2026/05/26 6:27 p.m., 7 views

USN-8309-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.00355
Exploits 0 | References 2
Ubuntu
added 2026/05/26 6:27 p.m., 57 views

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00355
Exploits 0
OSV
added 2026/05/16 1:36 a.m., 4 views

CLSA-2026-1778895374 Fix CVE(s): CVE-2026-7598

SECURITY UPDATE: Fix integer overflow in userauth_password username_len/password_len bounds checks - debian/patches/CVE-2026-7598.patch: Fix integer overflow in userauth_password username_len/password_len bounds checks - CVE-2026-7598...

CVSS 7.5 | AI score 5.9 | EPSS 0.00355
Exploits 0 | References 1
CloudLinux
added 2026/05/14 7:22 p.m., 8 views

libssh2: Fix of CVE-2026-7598

CVE-2026-7598: add username_len/password_len bounds checks in userauth_list and userauth_password to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...

CVSS 7.5 | AI score 7.2 | EPSS 0.00355
Exploits 0
Snyk
added 2026/05/01 11:28 p.m., 4 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the userauth_password function in userauth.c. An attacker can cause memory corruption or potentially execute arbitrary code by sending specially crafted values for username_len or password_len remotely...

CVSS 9.1 | AI score 6.2 | EPSS 0.00355
Exploits 0 | References 2
NVD
added 2026/05/01 10:16 p.m., 3 views

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is...

CVSS 7.5 | EPSS 0.00355
Exploits 0 | References 6
CVE
added 2026/05/01 9:30 p.m., 71 views

CVE-2026-7598

CVE-2026-7598 affects libssh2 up to 1.11.1. The vulnerable component is the function userauth_password in src/userauth.c, where manipulation of username_len/password_len can trigger an integer overflow. The issue could allow a remote attacker to exploit the overflow, impacting confidentiality/ in...

CVSS 7.5 | AI score 7 | EPSS 0.00355
Exploits 0 | References 6 | Affected Software 1
AlpineLinux
added 2026/05/01 9:30 p.m., 6 views

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00355
Exploits 0 | References 6
EUVD
added 2026/05/01 12:0 a.m., 9 views

EUVD-2026-26529

A stack-based buffer overflow in mangle_to_hex_lower and mangle_to_hex_upper in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...

CVSS 9.8 | AI score 6.5 | EPSS 0.00404
Exploits 1 | References 1
CNNVD
added 2026/05/01 12:0 a.m., 6 views

libssh2 Numeric Error Vulnerability

libssh2 is an open-source client-side C library from the libssh2 project that implements the SSH2 protocol. It can execute remote commands, transfer files, and provide a secure transport channel for remote programs. libssh2 1.11.1 and earlier versions have a numeric error vulnerability, the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00355
Exploits 0 | References 1
NVD
added 2026/04/24 6:16 p.m., 5 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVSS 9.1 | EPSS 0.00294
Exploits 0 | References 1
Vulnrichment
added 2026/04/03 9:22 p.m., 2 views

CVE-2018-25237 Hirschmann HiSecOS Buffer Overflow via HTTPS Login

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers...

CVSS 9.8 | AI score 6.7 | EPSS 0.00817
Exploits 0 | References 2