Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:57 a.m.18 views

CVE-2026-10731

CVE-2026-10731 describes a SQL injection flaw in the two_steps_auth_code parameter processed by the twoStepsAuthVerification function in the /user-login endpoint of Nemon products. The vulnerability allows unauthenticated attackers to execute arbitrary SQL on the backend database, potentially ena...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:57 a.m.14 views

EUVD-2026-35387

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:57 a.m.7 views

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

9.3CVSS6AI score0.00349EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/20 12:0 a.m.113 views

📄 Soosyze CMS 2.0 Rate Limit Scanner

Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability CWE‑307 on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA. The provided automatic detection script...

5.6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24570

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.0081EPSS
Exploits3References4
CNVD
CNVD
added 2025/08/21 12:0 a.m.3 views

soosyze brute force login vulnerability

soosyze is Soosyze open source a content management system . soosyze has a brute force vulnerability , the vulnerability stems from the /user/login endpoint lack of rate limiting and locking mechanism , an attacker can use this vulnerability to cause brute force attack...

5.4CVSS6.5AI score0.0081EPSS
Exploits3References1
OSV
OSV
added 2025/08/13 3:30 p.m.5 views

GHSA-VQ9X-W82R-RHMC Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...

8.7CVSS7.1AI score0.0081EPSS
Exploits3References5
OSV
OSV
added 2025/08/13 2:15 p.m.5 views

CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...

5.4CVSS5.8AI score0.0081EPSS
Exploits3References3
NVD
NVD
added 2025/08/13 2:15 p.m.20 views

CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...

5.4CVSS0.0081EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2025/08/13 12:0 a.m.3 views

CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...

7.1AI score0.0081EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/08/13 12:0 a.m.17 views

CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...

0.0081EPSS
Exploits3References3
CVE
CVE
added 2025/08/13 12:0 a.m.29 views

CVE-2025-52392

CVE-2025-52392 affects Soosyze CMS 2.0. The root cause is missing rate-limiting and account lockout on the /user/login endpoint, enabling brute-force login attempts and potentially unauthorized administrative access. Public sources in connected documents describe a brute-force tool and PoC usage,...

5.4CVSS7.1AI score0.0081EPSS
Exploits3References3
Rows per page
Query Builder