DRUPAL-CONTRIB-2025-085
This module enables you to allow and/or require a second authentication method in addition to password authentication. The module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users. This vulnerability is mitigated by the fact...
Malicious code in hancsv (PyPI)
Source: kam193 bb3fdca931bea8323cd7a8c2578f6d0c0594b3ea1b30df1819830168fe90983b Importing the module triggers downloading and executing a PowerShell script. The script collects information about the host including e.g. startup applications a...
MAL-2025-191748 Malicious code in hancsv (PyPI)
Source: kam193 bb3fdca931bea8323cd7a8c2578f6d0c0594b3ea1b30df1819830168fe90983b Importing the module triggers downloading and executing a PowerShell script. The script collects information about the host including e.g. startup applications a...
CVE-2025-3091
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password...
Largest DDoS Attack to Date
It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It...
SUSE CVE-2022-50193
In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...
CVE-2025-47951
Weblate is a web-based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
DEBIAN-CVE-2022-50193
In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...
UBUNTU-CVE-2022-50193
In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1 Task A called...
cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c
A flaw was found in cJSON. This issue contains a segmentation violation, which can trigger through the second parameter of the cJSON_SetValuestring function at cJSON.c...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force via the second factor verification process. An attacker can bypass authentication controls by automating OTP guessing attempts. Remediation: Upgrade Weblate to version 5.12.1 or higher. References: GitHub Commit, GitHub PR ...
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
Weblate is a web-based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
GHSA-57JG-M997-CX3Q Weblate lacks rate limiting when verifying second factor
Impact: The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. Patches: This issue has been addressed in Weblate 5.12 via...
Weblate lacks rate limiting when verifying second factor
Impact: The verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. Patches: This issue has been addressed in Weblate 5.12 via...
Weblate security vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.12, which stems from a failure to rate-limit second-factor authentication and could lead to OTP guessing...
PT-2025-25574 · Weblate · Weblate
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.12 Description: The verification of the second factor was not subject to rate limiting, allowing an attacker with valid credentials to automate OTP guessing via the second factor endpoint. Recommendations: For...