Lucene search
+L

284 matches found

cnnvd
cnnvd
added 2026/04/06 12:0 a.m.10 views

Bulwark Webmail 安全漏洞

Bulwark Webmail is an open-source, self-hosted webmail client developed by Bulwark Mail. Versions of Bulwark Webmail prior to 1.4.11 contained security vulnerabilities. These vulnerabilities stemmed from the getClientIP function, which trusted the X-Forwarded-For header provided by the client. Th...

8.7CVSS5.8AI score0.00136EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.7 views

vLLM 安全漏洞

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM prior to 0.7.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the VideoMediaIO.loadbase64 method not...

6.5CVSS5.8AI score0.00378EPSS
Exploits0References2
github
github
added 2026/03/31 12:31 p.m.7 views

Duplicate Advisory: OpenClaw has Bypass in Webhook Rate Limiting via Pre-Authentication Secret Validation

Duplicate Advisory This advisory has been withdrawn because CVE-2026-34508 has been rejected as a duplicate of CVE-2026-34505. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds,...

5.8AI score0.00056EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/03/31 12:16 p.m.8 views

CVE-2026-34505

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...

6.9CVSS0.00272EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/27 10:51 p.m.11 views

CVE-2026-33152

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.9AI score0.00513EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/26 7:7 p.m.5 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2
osv
osv
added 2026/03/26 5:59 p.m.6 views

GHSA-Q29P-9PFR-J652 libcrux-sha3: Incorrect output from SHAKE squeeze functions

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

8.7CVSS5.9AI score
Exploits0References3
redhatcve
redhatcve
added 2026/03/26 3:11 p.m.5 views

CVE-2026-29794

Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the X-Forwarded-For or X-Real-IP headers due to the rate-limit relying on the value of...

5.3CVSS5.8AI score0.00328EPSS
Exploits1References1
nvd
nvd
added 2026/03/26 7:16 a.m.4 views

CVE-2026-4247

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

7.5CVSS0.01121EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/26 6:9 a.m.3 views

CVE-2026-4247

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

7.5CVSS5.7AI score0.01121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.14 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of BasicAuthentication as the default...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.12 views

PT-2026-28471

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions prior to 2.6.0 configure Django REST Framework with BasicAuthentication as a...

9.1CVSS5.9AI score0.00513EPSS
Exploits1References7
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.10 views

Nexxt Solutions Nebula 300+ 安全漏洞

The Nexxt Solutions Nebula 300+ is a wireless router produced by the Nexxt Solutions company in the United States. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of rate limits on the...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2
nvd
nvd
added 2026/03/13 7:54 p.m.5 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS0.00152EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/13 1:18 a.m.1 views

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS5.8AI score0.00152EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/13 1:18 a.m.28 views

CVE-2026-22201 wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTPCLIENTIP or HTTPXFORWARDEDFOR headers to spoof their IP address and circumvent...

6.9CVSS0.00152EPSS
Exploits0References3
snyk
snyk
added 2026/03/11 12:21 a.m.3 views

Improper Control of Interaction Frequency

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency in the batch endpoint, which processes sub-requests internally and bypasses the...

7.5CVSS5.8AI score0.00342EPSS
Exploits0References2
github
github
added 2026/03/11 12:21 a.m.12 views

Parse Server has a rate limit bypass via batch request endpoint

Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...

7.5CVSS5.8AI score0.00342EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/03/10 6:31 p.m.57 views

EUVD-2026-10520

An Improper Control of Interaction Frequency vulnerability CWE-799 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypas...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References2
osv
osv
added 2026/03/10 6:18 p.m.5 views

CVE-2026-24017

An Improper Control of Interaction Frequency vulnerability CWE-799 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypas...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References1
Rows per page
Query Builder