CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

CVE-2026-44367

Klaw (self-service Apache Kafka Topic Management/Governance tool) is affected prior to v2.10.4 by inconsistent case-sensitivity handling in user registration and login, enabling targeted DoS and complete account lockout. Root cause: username case handling leads to lockout conditions. Impact: Deni...

EUVD-2021-14523

Malware in sbrugna...

EUVD-2019-19074

Malware in sbrugna...

EUVD-2023-2025

Malicious code in bioql PyPI...

EUVD-2025-23396

Malicious code in bioql PyPI...

SUSE CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

PT-2025-32380 · Openbao · Openbao

Name of the Vulnerable Software and Affected Versions: OpenBao versions 0.1.0 through 2.3.1 Description: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP authentication systems. This was caused by different aliasing between pre-flight and full login...

BIT-VAULT-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6004

A flaw was found in github.com/hashicorp/vault. The user lockout feature for Userpass and LDAP authentication methods can be bypassed, allowing an attacker to circumvent account lockout restrictions. This circumvention occurs without requiring prior authentication or knowledge of user credentials...

CVE-2025-6004

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2025-6004

CVE-2025-6004 describes a bypass of Vault’s user lockout feature for Userpass and LDAP authentication. Root cause details are not fully enumerated in the provided docs, but fixes are stated: Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23 address the issue...

PT-2025-31678

Name of the Vulnerable Software and Affected Versions Vault versions prior to 1.20.1 Vault Enterprise versions prior to 1.20.1, 1.19.7, 1.18.12, and 1.16.23 Description The user lockout feature in Vault and Vault Enterprise could be bypassed for Userpass and LDAP authentication methods...

HashiCorp Vault Enterprise和HashiCorp Vault Community Edition 安全漏洞

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform and HashiCorp...

PT-2025-27821 · Mitsubishi · Melsec Iq-F Series Fx5-Cclgn-Ms +69

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F Series affected versions not specified Description: The software contains an overly restrictive account lockout mechanism. A remote, unauthenticated attacker can lockout legitimate users by repeatedly attemptin...