Total
406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24721 | 1 Innovaphone | 1 Innovaphone Pbx | 2025-03-26 | 6.5 Medium |
| An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel | ||||
| CVE-2022-34389 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 3.7 Low |
| Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. | ||||
| CVE-2023-46123 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 5.3 Medium |
| jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. | ||||
| CVE-2023-42818 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 5.4 Medium |
| JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2025-25595 | 2025-03-25 | 9.8 Critical | ||
| A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. | ||||
| CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2025-03-24 | 6.8 Medium |
| Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | ||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | 6.8 Medium |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | ||||
| CVE-2024-12039 | 2025-03-20 | N/A | ||
| langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit code, resulting in a complete compromise of the application. | ||||
| CVE-2025-1496 | 2025-03-20 | 6.5 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | ||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2025-03-19 | 9.8 Critical |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | ||||
| CVE-2024-42176 | 2025-03-19 | 2.6 Low | ||
| HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information. | ||||
| CVE-2025-23368 | 1 Redhat | 8 Build Keycloak, Integration, Jboss Data Grid and 5 more | 2025-03-19 | 8.1 High |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | ||||
| CVE-2023-0860 | 1 Modoboa | 1 Installer | 2025-03-18 | 7.5 High |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | ||||
| CVE-2023-24080 | 1 Chamberlain | 1 Myq | 2025-03-14 | 9.8 Critical |
| A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | ||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2025-03-11 | 8.1 High |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2023-25156 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-03-10 | 7.5 High |
| Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. | ||||
| CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2025-03-07 | 8.8 High |
| SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | ||||
| CVE-2023-29005 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | 7.5 High |
| Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. | ||||
| CVE-2025-1714 | 2025-03-07 | N/A | ||
| Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | ||||
| CVE-2024-51476 | 1 Ibm | 1 Concert | 2025-03-06 | 7.5 High |
| IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||