Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 1:4 p.m.10 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

7.5CVSS7.1AI score0.00517EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 5:16 p.m.14 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

7.5CVSS0.00517EPSS
Exploits1References3
Veracode
Veracode
added 2025/08/20 10:16 a.m.6 views

Authentication Bypass

Vault is vulnerable to authentication bypass. The vulnerability is due to insufficient enforcement of MFA login rate limits and TOTP token reuse, which allows an attacker to bypass MFA protections and reuse valid tokens for unauthorized access...

5.7CVSS7.3AI score0.00286EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/08/09 2:41 a.m.3 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to validating the provided TOTP code during login MFA. An attacker can gain unauthorized access to sensitive data by bypassing internal rate limiting and reusing existing TOTP codes by including whitespace in the TOTP...

7.1CVSS7.4AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2013/09/06 11:15 a.m.25 views

CVE-2013-5708

Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...

6.8CVSS6.6AI score0.00698EPSS
Exploits0References1
Prion
Prion
added 2013/09/06 11:15 a.m.19 views

Cross site request forgery (csrf)

Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...

6.8CVSS7.2AI score0.00698EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder