CVE-2026-61458: Improper Restriction of Excessive Authentication Attempts in pglombardo PasswordPusher
PasswordPusher versions before 2.9.2 have a brute-force vulnerability in the POST /p/:token/access endpoint due to lack of rate limiting and lockout mechanisms. This allows attackers who know a push…
Read the full articleYou might also wanna read
Dashlane password manager users locked out by brute force attacks
Dashlaneパスワードマネージャーで、遠隔地や未知のデバイスからのブルートフォース攻撃により、複数ユーザーがアカウントロックアウト。
Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Palo Alto Networks CVE-2026-0257, an auth-bypass flaw, was rapidly escalated to critical after active exploitation. Attackers can bypass con
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
On May 13, 2026, Palo Alto Networks disclosed CVE-2026-0257, a medium severity authentication bypass vulnerability in PAN-OS and Prisma Acce
CVE-2026-0257: PAN-OS GlobalProtect Authentication Bypass Under Active Exploitation
CVE-2026-0257 has a CVSS score of 7.8 and is a medium-severity authentication bypass affecting PAN-OS and Prisma Access. The flaw targets Gl
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo
Attackers actively exploit Palo Alto Networks firewall authentication-bypass vulnerability upgraded from medium to critical
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning.

Comments
Sign in to join the conversation.
No comments yet. Be the first.