Total
471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34732 | 1 Flytxt | 1 Neon-dx | 2025-07-09 | N/A | 5.4 MEDIUM |
| An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. | |||||
| CVE-2025-27456 | 2025-07-03 | N/A | 7.5 HIGH | ||
| The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-1710 | 2025-07-03 | N/A | 7.5 HIGH | ||
| The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-27449 | 2025-07-03 | N/A | 7.5 HIGH | ||
| The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2023-34001 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-06-30 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25. | |||||
| CVE-2025-4383 | 2025-06-26 | N/A | 9.3 CRITICAL | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass.This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025. | |||||
| CVE-2024-55008 | 1 Jatos | 1 Jatos | 2025-06-24 | N/A | 7.5 HIGH |
| JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges. | |||||
| CVE-2025-2171 | 2025-06-23 | N/A | N/A | ||
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN | |||||
| CVE-2023-50123 | 1 Hozard | 1 Alarm System | 2025-06-20 | N/A | 8.1 HIGH |
| The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state. | |||||
| CVE-2025-6030 | 2025-06-16 | N/A | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | |||||
| CVE-2025-6029 | 2025-06-16 | N/A | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record will be updated once this is clarified. | |||||
| CVE-2025-49186 | 2025-06-13 | N/A | 5.3 MEDIUM | ||
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-48187 | 1 Infiniflow | 1 Ragflow | 2025-06-12 | N/A | 9.1 CRITICAL |
| RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting. | |||||
| CVE-2025-49195 | 2025-06-12 | N/A | 5.3 MEDIUM | ||
| The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server. | |||||
| CVE-2025-5864 | 2025-06-09 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-04 | N/A | 8.8 HIGH |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
| CVE-2023-45190 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-06-03 | N/A | 5.1 MEDIUM |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | |||||
| CVE-2023-33759 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-05-30 | N/A | 9.8 CRITICAL |
| SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | |||||
| CVE-2022-33735 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | N/A | 6.5 MEDIUM |
| There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. | |||||
| CVE-2025-48014 | 2025-05-21 | N/A | 7.5 HIGH | ||
| Password guessing limits could be bypassed when using LDAP authentication. | |||||