185 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-28833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of seco...
Proxmox Virtual Environment Security Vulnerability
Proxmox Virtual Environment (Proxmox VE) is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment version 8.4, which stems from a stored cross-site scripting vulnerability in the U2F Origin field that could lead to...
CVE-2025-58352
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
SUSE CVE-2025-58352
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
CVE-2025-58352
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
CVE-2025-58352 Weblate has long session expiry times during second factor verification
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
CVE-2025-58352 Weblate has long session expiry times during second factor verification
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...
CVE-2025-58352
CVE-2025-58352 (Weblate) affects Weblate versions lower than 5.13.1, where sessions can persist for an unusually long period during second-factor (2FA) verification. The root issue is insufficient session expiration, enabling an attacker to maintain a valid session and potentially bypass rate lim...
GHSA-377J-WJ38-4728 Weblate has a long session expiry when verifying second factor
Impact: The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. Patches: This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. References: Thanks to...
Weblate has a long session expiry when verifying second factor
Impact: The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. Patches: This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. References: Thanks to...
PT-2025-36103
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.13.1 Description: Weblate is a web-based localization tool. Versions prior to 5.13.1 are susceptible to a second factor authentication bypass due to a long session expiry during the second factor verification...
DRUPAL-CONTRIB-2025-085
This module enables you to allow and/or require a second authentication method in addition to password authentication. The module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users. This vulnerability is mitigated by the fact...
CVE-2025-3091
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password...
CVE-2025-3091
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password...
CVE-2025-47951
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force via the second factor verification process. An attacker can bypass authentication controls by automating OTP guessing attempts. Remediation: Upgrade Weblate to version 5.12.1 or higher. References: - GitHub Commit - GitHub PR ...
CVE-2025-47951
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...