34 matches found
EUVD-2025-209421
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
VICIdial Sensitive Information Disclosure
VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents,...
EUVD-2024-54348
Malicious code in bioql PyPI...
EUVD-2024-31124
Malicious code in bioql PyPI...
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration...
CVE-2024-36469
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...
PT-2025-14460
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue is related to the execution time for unsuccessful logins, which differs when using a non-existing username compared to an existing one. Recommendations At the moment, there is no...
GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output
Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...
Open5GS Denial of Service Vulnerability (CNVD-2025-08808)
Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to cause a denial of service via 64 unsuccessful UE/gnb registrations...
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration...
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration...
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration...
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration...
BIT-MEDIAWIKI-2021-31548
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed...
Web log client "login unsuccessful" using nsroot
C:\NSWL\binnswl -start -f c:\nswl\etc\log.conf Debug log file is ./nswl.log-130620221156 & Log level is 1 NetScaler weblogging configuration file c:\nswl\etc\log.conf is correct Login unsuccessful nspe=redacted IP:user=nsroot!!!...
Revealing the Tonto Team’s Latest Hacks and Menaces
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Tonto Team, a Chinese hacking group, has been linked to attacks on various Asian and Eastern European organizations. In June 2022, an advanced persistent threat APT attempted to hack a cybersecurity...
No Protection Against Bruteforce Attacks on Login Page in
Description Modoboa does not restrict or limit unsuccessful login attempts allowing an attacker to brute force the password of a known user Proof of Concept Steps to Reproduce: Capture login request with BurpSuite Send to Intruder Replay the login request with a different password value utilizing...
No Protection against Bruteforce attacks on Login page
Description Webpage manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept 1. Register the account. 2. Logout the account and try to login with the different password. 3. Take the request into Burp suite intruder, set the payload list to 30for testing. 4. The...
PT-2022-16724 · Red Hat · Red Hat Process Automation Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Process Automation Manager version 7 Description: A flaw was found in the software where an attacker can benefit from a brute force attack against the Administration Console, as the application does not limit the number of unsuccessfu...
Improper Restriction of Excessive Authentication Attempts
Nakama Console does not enforce any limit for the number of unsuccessful login attempts...