Threats Tagged 'cwe-804'
View all threats tagged with 'cwe-804'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-804'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2024-31295: CWE-804 Guessable CAPTCHA in BestWebSoft Captcha by BestWebSoftCVE-2024-31295 0 Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.This issue affects Captcha by BestWebSoft: from n/a through 5.2.0. Join the discussion | CVE Database V5 | 05/17/2024, 08:19:49 UTC Added: 04/29/2026, 01:55:31 UTC |
CVE-2024-30540: CWE-804 Guessable CAPTCHA in Guido VS Contact FormCVE-2024-30540 0 Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass.This issue affects VS Contact Form: from n/a through 14.7. Join the discussion | CVE Database V5 | 05/17/2024, 08:20:23 UTC Added: 04/29/2026, 01:55:13 UTC |
CVE-2026-40935: CWE-804: Guessable CAPTCHA in WWBN AVideoCVE-2026-40935 0 WWBN AVideo versions 29. 0 and earlier contain a vulnerability in the CAPTCHA implementation where the CAPTCHA length can be set by an unauthenticated client without validation, allowing generation of a 1-character CAPTCHA. Because the CAPTCHA comparison is case-insensitive over a limited alphabet and failed attempts do not consume the session token, an attacker can brute-force the CAPTCHA in about 33 attempts per session. This affects any endpoint relying on Captcha::validation(), such as user registration and password recovery. A fix is available in commit bf1c76989e6a9054be4f0eb009d68f0f2464b453, but no official vendor advisory or patch release is referenced. Join the discussion | CVE Database V5 | 04/21/2026, 22:21:17 UTC Added: 04/21/2026, 22:31:06 UTC |
CVE-2025-1262: CWE-804 Guessable CAPTCHA in webfactory Advanced Google reCAPTCHACVE-2025-1262 0 The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification. Join the discussion | CVE Database V5 | 02/25/2025, 12:41:27 UTC Added: 02/25/2026, 21:35:10 UTC |
CVE-2025-40916: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator in GRYPHON Mojolicious::Plugin::CaptchaPNGCVE-2025-40916 0 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure. Join the discussion | CVE Database V5 | 06/16/2025, 11:01:08 UTC Added: 06/16/2025, 11:04:23 UTC |
Showing 1 to 5 of 5 results