15 matches found

Positive Technologies
added 2026/05/17 12:00 a.m. · 17 views

PT-2026-41558

Name of the Vulnerable Software and Affected Versions: GitBucket version 4.23.1. Description: An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

CVSS 9.8 · AI score 6.5 · EPSS 0.00589
Exploits: 1 · References: 7
CNNVD
added 2026/05/17 12:00 a.m. · 9 views

GitBucket Access Control Error Vulnerability

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

CVSS 9.8 · AI score 6.1 · EPSS 0.00589
Exploits: 1 · References: 1
Positive Technologies
added 2026/04/21 12:00 a.m. · 5 views

PT-2026-33910

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: md5(APP KEY + attachment id + size). Since attachment id is sequential and size can be brute-forced in a small range, an...

CVSS 9.3 · AI score 5.7 · EPSS 0.00403
Exploits: 1 · References: 4
Vulnrichment
added 2026/04/07 6:19 a.m. · 2 views

CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

CVSS 9.8 · AI score 7.2 · EPSS 0.0054
Exploits: 1 · References: 2
Snyk
added 2026/03/29 3:50 p.m. · 1 view

Weak Password Requirements

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending numerous authentication...

CVSS 6.9 · AI score 5.9 · EPSS 0.00244
Exploits: 0 · References: 3
Snyk
added 2026/03/24 7:47 p.m. · 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...

CVSS 6.5 · AI score 5.9 · EPSS 0.00308
Exploits: 1 · References: 3
Packet Storm News
added 2026/01/14 12:00 a.m. · 13 views

Private Links, Public Leaks: Consequences of Frictionless User Experience on the Security and Privacy Posture of SMS-Delivered URLs

Digital service providers often prioritize a frictionless user experience by adopting technologies that simplify access to their services. One widely used mechanism is the Short Message Service (SMS) to deliver links (URLs) that enable single-click access to online services with little to no...

AI score 7.1
Exploits: 0
EUVD
added 2025/11/11 12:30 p.m. · 6 views

EUVD-2025-84362

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVSS 5.3 · AI score 5.6 · EPSS 0.0026
Exploits: 0 · References: 3
NVD
added 2025/11/11 11:15 a.m. · 5 views

CVE-2025-12787

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVSS 5.3 · EPSS 0.0026
Exploits: 0 · References: 2
Wallarm Lab
added 2025/10/16 11:00 a.m. · 6 views

API Attack Awareness: When Authentication Fails — Exposing APIs to Risk

Authentication issues seem like low-level attacks. But authentication today – especially API authentication – can be more difficult than people expect. Companies rely on APIs to carry sensitive information every day. If access to those APIs is not properly secured, all the sophisticated security...

AI score 7.3
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-33327

Malicious code in bioql (PyPI)...

CVSS 8.8 · AI score 8.5 · EPSS 0.00429
Exploits: 0 · References: 2
OSV
added 2022/04/28 4:15 p.m. · 12 views

CVE-2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 2
CNNVD
added 2021/05/17 12:00 a.m. · 3 views

InvoicePlane Security Vulnerability

InvoicePlane is a self-hosted open source application for managing your quotes, invoices, customers and payments. InvoicePlane version 1.5.11 suffers from a security vulnerability that stems from the absence of any rate limitation on password resets, where reset...

CVSS 5.3 · AI score 5.6 · EPSS 0.00844
Exploits: 1 · References: 3
OSV
added 2021/04/26 7:15 p.m. · 4 views

CVE-2021-31646

Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgotpwd.php: it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqid function), allowing a brute force attack...

CVSS 9.8 · AI score 5.8 · EPSS 0.01339
Exploits: 0 · References: 3
Kitploit
added 2019/01/31 12:08 p.m. · 157 views

Bolt - CSRF Scanning Suite

Bolt is in the beta phase of development, which means there can be bugs. Any production use of this tool is discouraged. Pull requests and issues are welcome. I also suggest that you put this repo on watch if you are interested in it. Workflow: Crawling: Bolt crawls the target website to the specified depth...

AI score 7.1
Exploits: 0 · References: 3