Lucene search
K

30 matches found

NVD
NVD
added 4 days ago12 views

CVE-2026-14495

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS0.00425EPSS
Exploits0References5
CVE
CVE
added 4 days ago13 views

CVE-2026-14495

CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...

8.8CVSS5.9AI score0.00425EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/24 5:24 a.m.96 views

OSWE-Notes

OSWE Exploit Helpers Helper modules for writing OSWE exploit...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/06 8:42 p.m.9 views

phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.3CVSS6.1AI score0.00339EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/24 7:47 p.m.15 views

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

6.3CVSS6AI score0.00396EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28395

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

9.1CVSS5.8AI score0.00396EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/22 3:16 p.m.7 views

CVE-2025-64097

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

9.8CVSS0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 2:57 p.m.4 views

CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

9.5CVSS5.6AI score0.00422EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 5:16 p.m.14 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

7.5CVSS0.00529EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.13 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

0.00529EPSS
Exploits1References3
CVE
CVE
added 2025/11/18 12:0 a.m.18 views

CVE-2025-55796

OpenML Frontend (openml.org) web app version v2.0.20241110 is affected by a token-generation flaw. Tokens used for signup confirmation, password resets, email confirmations/resends, and email changes are MD5-based and generated from the current timestamp (format "%d %H:%M:%S") without user-specif...

7.5CVSS6.7AI score0.00529EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.5 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

6.7AI score0.00529EPSS
Exploits1References3
OSV
OSV
added 2025/11/18 12:0 a.m.7 views

CVE-2025-55796

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...

7.5CVSS7AI score0.00529EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/30 6:31 p.m.8 views

EUVD-2025-37029

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

7.5CVSS6.4AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.4 views

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

6.5AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/30 12:0 a.m.7 views

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

0.00327EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 12:0 a.m.25 views

CVE-2025-61114

The CVE-2025-61114 entry concerns AutoBizLine’s 2nd Line Android App (v1.2.92 and earlier; package com.mysecondline.app). A single-token-character validation flaw in the authentication server enables token-guessing/brute-forcing and unauthorized access to other users’ data, constituting an improp...

7.5CVSS6.5AI score0.00327EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2314

Malware in sbrugna...

7.3CVSS7.5AI score0.01065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.8 views

PT-2025-87: Incorrect session expiration in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to gain unlimited access to a device by brute-forcing or compromising a session token. Vulnerability status: Confirmed ...

9.2CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder