CVE-2026-33935 | franklioxygen MyTube up to 1.8.71 login-attempts.json recordFailedAttempt timestamps/cooldown excessive authentication (GHSA-6w95-qgc4-5jxf)

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability marked as problematic has been reported in franklioxygen MyTube up to 1.8.71. Affected by this issue is the function recordFailedAttempt of the file login-attempts.json. Performing a manipulation of the argument timestamps/cooldown results in improper restriction of excessive authentication attempts.

This vulnerability is known as CVE-2026-33935. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-33935 | franklioxygen MyTube up to 1.8.71 login-attempts.json recordFailedAttempt timestamps/cooldown excessive authentication (GHSA-6w95-qgc4-5jxf)

Post correlati

CVE-2025-31202 | Apple iOS/iPadOS null pointer dereference

CVE-2025-47473 | pimwick PW WooCommerce Bulk Edit Plugin up to 2.134 on WordPress cross-site request forgery

CVE-2024-35688 | Jewel Theme Master Addons for Elementor Plugin up to 2.0.5.9 on WordPress cross site scripting

CVE-2025-25827 | Emlog Pro 2.5.4 URL sort.php server-side request forgery