Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/06/30 1:37 p.m.35 views

CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.5 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43506

Name of the Vulnerable Software and Affected Versions Login with OTP plugin for WordPress versions prior to 1.7 Description An authentication bypass exists due to an incomplete fix in the otpl login action function. The rate-limit and lockout checks are only applied during the OTP generation phas...

9.8CVSS5.8AI score0.00595EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.6 views

CVE-2025-14002

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

8.1CVSS6.5AI score0.00441EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 9:20 a.m.28 views

CVE-2025-14002 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

8.1CVSS0.00441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 11:4 p.m.4 views

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

6.9CVSS6.6AI score0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/10 10:43 p.m.5 views

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

6.9CVSS5.6AI score0.00228EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/12/10 10:43 p.m.22 views

CVE-2025-67513

CVE-2025-67513 affects FreePBX Endpoint Manager (module for managing telephony endpoints in FreePBX). Versions prior to 16.0.96 and 17.0.1 through 17.0.9 use a weak default 6‑digit app_password, which can be brute-forced. Depending on local configuration, this password could grant access to the e...

6.9CVSS6.2AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 10:43 p.m.4 views

EUVD-2025-202640

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

6.9CVSS6AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50554

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the app password parameter. Depending on local...

6.9CVSS6.5AI score0.00228EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/20 6:43 a.m.2 views

CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2025/09/20 6:43 a.m.27 views

CVE-2025-10658

CVE-2025-10658 affects the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System, versions

6.5CVSS5.8AI score0.00318EPSS
Exploits0References4
OSV
OSV
added 2021/02/01 2:15 a.m.5 views

CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password...

7.5CVSS5.8AI score0.01081EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2020/07/30 10:34 a.m.6 views

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but...

6.2AI score
Exploits0
OSV
OSV
added 2018/11/01 5:29 p.m.4 views

CVE-2018-6011

The time-based one-time-password TOTP function in the application logic of the Green Electronics RainMachine Mini-8 2nd generation uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of...

8.1CVSS5.8AI score0.01131EPSS
Exploits1References1
Rows per page
Query Builder