exploitDog

CVE-2025-26524

Опубликовано: 14 фев. 2025

Источник: nvd

EPSS Низкий

Описание

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0020

EPSS

Процентиль: 27%

0.00096

Низкий

Дефекты

CWE-799

Связанные уязвимости

GHSA-gjg5-ggc5-2g7v

github

12 месяцев назад

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.

EPSS

Процентиль: 27%

0.00096

Низкий

Дефекты

CWE-799