5 matches found
CVE-2026-36959
Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...
Drupal Protected Pages 安全漏洞
Drupal Protected Pages is a page locking plugin for the Drupal community. A security vulnerability exists in Drupal Protected Pages versions prior to 1.8.0, which stems from an unrestricted number of authentication attempts that could lead to a brute force attack...
CVE-2018-19548
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginFormusername and LoginFormpassword parameters, which might make it easier for remote attackers to obtain access via a brute-force approach...
XiaoCMS admin\controller\login.php page has a logical design vulnerability
XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms based on PHP+Mysql architecture. XiaoCMS admin\controller\login.php page has a logical design vulnerability. The vulnerability is due to the CAPTCHA judgment and restriction of the login function, the attacker...
Authentication Vulnerability in Coremail Mail System Server Side
Coremail mail system developed by Ying Shi Information Technology Co., Ltd. is a web application system, widely used in government agencies, enterprises and institutions and other departments. There is an authentication vulnerability in the server side of Coremail mail system. Because the server...