Total
406 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3202 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-04-04 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-259049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-21500 | 1 Authcrunch | 1 Caddy-security | 2025-04-03 | N/A | 4.8 MEDIUM |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. | |||||
| CVE-1999-1152 | 1 Compaq | 2 Microcom 6000, Microcom 6000 Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | |||||
| CVE-2001-0395 | 1 Lightwavemo | 2 Consoleserver 3200, Consoleserver 3200 Firmware | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | |||||
| CVE-2001-1291 | 1 3com | 2 Superstack Ii Ps Hub 40, Superstack Ii Ps Hub 40 Firmware | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. | |||||
| CVE-1999-1324 | 1 Hp | 1 Openvms Vax | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. | |||||
| CVE-2001-1339 | 1 Anybus | 2 Ipc\@chip, Ipc\@chip Firmware | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-2002-0628 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | |||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | N/A | 7.5 HIGH |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | |||||
| CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2025-04-02 | N/A | 5.4 MEDIUM |
| HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | |||||
| CVE-2025-25595 | 1 Iitb | 1 Safe | 2025-04-01 | N/A | 9.8 CRITICAL |
| A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. | |||||
| CVE-2025-0417 | 2025-04-01 | N/A | N/A | ||
| Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations. | |||||
| CVE-2025-2911 | 2025-03-28 | N/A | N/A | ||
| Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions. | |||||
| CVE-2024-24721 | 2025-03-26 | N/A | 6.5 MEDIUM | ||
| An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel | |||||
| CVE-2023-46123 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | N/A | 5.3 MEDIUM |
| jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. | |||||
| CVE-2023-42818 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | N/A | 5.4 MEDIUM |
| JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | |||||
| CVE-2025-1496 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | |||||
| CVE-2024-12039 | 2025-03-20 | N/A | 7.4 HIGH | ||
| langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit code, resulting in a complete compromise of the application. | |||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2025-03-19 | N/A | 9.8 CRITICAL |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | |||||