Lucene search
K

290 matches found

OSV
OSV
added 2025/09/08 9:11 p.m.6 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS6.8AI score0.00277EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/08 8:45 p.m.6 views

Brute Force

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...

6.5CVSS7AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.13 views

PT-2025-36508

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...

6.5CVSS6.5AI score0.00277EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.3 views

An Efficient Recommendation Filtering-Based Trust Model for Securing Internet of Things

Trust computation is crucial for ensuring the security of the Internet of Things IoT. However, current trust-based mechanisms for IoT have limitations that impact data security. Sliding window-based trust schemes cannot ensure reliable trust computation due to their inability to select appropriat...

6.9AI score
Exploits0
OSV
OSV
added 2025/06/25 5:15 p.m.3 views

DEBIAN-CVE-2025-52576

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

5.3CVSS5.4AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/06/25 5:15 p.m.6 views

CVE-2025-52576

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

5.3CVSS0.00299EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2025/06/03 3:19 p.m.5 views

The North Face warns customers about potentially stolen data

For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This time, the company laid blame on a credential stuffing attack. The North Face is best known for its line of outdoor clothing, footwear, and related equipment. With an annual...

8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:15 a.m.7 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS6.8AI score0.00463EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.7 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS6.6AI score0.00844EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/20 5:49 a.m.26 views

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index PyPI repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are...

7.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/04/16 9:25 p.m.13 views

Hi, robot: Half of all internet traffic now automated

If you sometimes feel that the internet isn't the same vibrant place it used to be, you're not alone. New research suggests that most of the traffic traversing the network isn't human at all. Bots software programs that interact with web sites have been ubiquitous for years. But in its 2025 Bad B...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/26 8:53 a.m.39 views

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 11:0 a.m.18 views

How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — includi...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 11:39 a.m.16 views

CVE-2024-7292

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

8.8CVSS6.7AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

Element Synapse 安全漏洞

Element Synapse is an open source Matrix home server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106, which stems from vulnerability to a disk stuffing attack, where an unauthenticated attacker can trick Synapse into downloading...

7.5CVSS6.4AI score0.00572EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2024/11/14 7:11 p.m.13 views

Business Logic Attacks Target Election-Related Sites on Election Day

As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks —a complex threat that manipulates the intended workflow of applications, often without...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/01 12:0 a.m.9 views

Progress Telerik Report Server <= 10.2.24.709 Multiple Vulnerabilities (September 2024)

The version of Progress Telerik Report Server installed on the remote host is affected by multiple vulnerabilities: - A credential stuffing attack is possible through improper restriction of excessive login attempts. CVE-2024-7292 - A password brute forcing attack is possible through weak passwor...

8.8CVSS5.5AI score0.00317EPSS
Exploits0References6
NVD
NVD
added 2024/10/24 10:15 p.m.29 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS0.00463EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/24 9:25 p.m.22 views

CVE-2024-49358 ZimaOS vulnerable to Username Enumeration via API Responses

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

5.3CVSS5.3AI score0.00463EPSS
Exploits1References2
CVE
CVE
added 2024/10/24 9:25 p.m.88 views

CVE-2024-49358

ZimaOS (fork of CasaOS) prior to and including 1.2.4 is affected by CVE-2024-49358 due to an API behavior at /v1/users/login that reveals whether a username exists, enabling username enumeration. This is a network-facing issue with CVSS 5.3 (MEDIUM); no patched versions are publicly available per...

5.3CVSS5.2AI score0.00463EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder