14 matches found

Source: OSV (added 4 days ago, 5 views)

GO-2026-5691 File Browser has a DoS Vulnerability via Public Login API in github.com/filebrowser/filebrowser

File Browser has a DoS Vulnerability via Public Login API in github.com/filebrowser/filebrowser...

CVSS 6.5 | AI score 5.8 | EPSS 0.00484
Exploits: 0 | References: 3

Source: Cvelist (added 4 days ago, 17 views)

CVE-2026-54092 File Browser: DoS Vulnerability on Public Login API

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

CVSS 6.5 | EPSS 0.00484
Exploits: 0 | References: 3

Source: Github Security Blog (added 2026/06/12 9:51 p.m., 10 views)

File Browser has a DoS Vulnerability via Public Login API

Summary: Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

CVSS 6.5 | AI score 5.3 | EPSS 0.00484
Exploits: 0 | References: 4 | Affected Software: 2

Source: RedhatCVE (added 2026/04/20 7:23 p.m., 5 views)

CVE-2026-40485

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 1

Source: Cvelist (added 2026/04/17 11:29 p.m., 33 views)

CVE-2026-40485 ChurchCRM: Username Enumeration via Differential Response in Public Login API

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | EPSS 0.00335
Exploits: 0 | References: 3

Source: Vulnrichment (added 2026/04/17 11:29 p.m., 2 views)

CVE-2026-40485 ChurchCRM: Username Enumeration via Differential Response in Public Login API

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 3

Source: ATTACKERKB (added 2026/04/17 11:29 p.m., 1 view)

CVE-2026-40485

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 4 | Affected Software: 1

Source: EUVD (added 2026/04/17 11:29 p.m., 4 views)

EUVD-2026-23599

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 3

Source: CVE (added 2026/04/17 11:29 p.m., 10 views)

CVE-2026-40485

ChurchCRM is affected in versions prior to 7.2.0 where the public login API at /api/public/user/login reveals usernames through distinguishable HTTP responses (404 for non-existent users vs 401 for valid users with wrong passwords), enabling unauthenticated username enumeration without rate limit...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 3

Source: Positive Technologies (added 2026/04/17 12:00 a.m., 16 views)

PT-2026-33533

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3 | AI score 5.7 | EPSS 0.00335
Exploits: 0 | References: 4

Source: Positive Technologies (added 2026/04/17 12:00 a.m., 7 views)

PT-2026-33527

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 7.2.0. Description: The '/api/public/user/login' endpoint validates only the username and password before returning the user's API key. This process bypasses the standard authentication flow, which includes account...

CVSS 9.1 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 7

Source: CNNVD (added 2024/10/31 12:00 a.m., 2 views)

Clibo Manager security vulnerability

Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A security vulnerability exists in Clibo Manager version 1.9.12, which...

CVSS 6.1 | AI score 6.8 | EPSS 0.0022
Exploits: 0 | References: 1

Source: OSV (added 2019/12/31 5:15 p.m., 2 views)

CVE-2019-9206

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued...

CVSS 6.1 | AI score 6.4 | EPSS 0.01167
Exploits: 2 | References: 2

Source: securityvulns (added 2004/09/30 12:00 a.m., 30 views)

freenet6 weak permissions

tspc.conf file with login and password is world readable...

AI score 1.7
Exploits: 0 | References: 1 | Affected Software: 1