2 matches found
CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...
CVE-2026-61458
PasswordPusher