Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41357

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An improper restriction of excessive authentication attempts exists in the "/admin/check" endpoint. This endpoint accepts arbitrary user-id parameters without session binding or rate limiting...

9.1CVSS6AI score0.00339EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:41 p.m.5 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References2Affected Software1
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.487 views

Proxmox VE - TOTP Brute Force

Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...

8.8CVSS8.9AI score0.0099EPSS
Exploits3
CNNVD
CNNVD
added 2022/09/08 12:0 a.m.6 views

PlexTrac API 安全漏洞

PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in the PlexTrac API prior to version 1.17.0, which stems from an unrestricted number of MFA TOTP submission attempts, where an unauthenticated, remote attacker...

8.8CVSS8AI score0.00821EPSS
Exploits0References3
Rows per page
Query Builder