Total
471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45404 | 1 Citeum | 1 Opencti | 2025-05-17 | N/A | 8.1 HIGH |
| OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available. | |||||
| CVE-2022-33106 | 1 Wijungle | 2 U250, U250 Firmware | 2025-05-16 | N/A | 9.8 CRITICAL |
| WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | |||||
| CVE-2024-42176 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 2.6 LOW |
| HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information. | |||||
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2025-05-14 | N/A | 9.8 CRITICAL |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | |||||
| CVE-2022-3031 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | |||||
| CVE-2024-38888 | 1 Horizoncloud | 1 Caterease | 2025-05-13 | N/A | 6.8 MEDIUM |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. | |||||
| CVE-2025-46739 | 2025-05-12 | N/A | 8.1 HIGH | ||
| An unauthenticated user could discover account credentials via a brute-force attack without rate limiting | |||||
| CVE-2025-3709 | 1 Flowring | 1 Agentflow | 2025-05-07 | N/A | 9.8 CRITICAL |
| Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. | |||||
| CVE-2022-44022 | 1 Pwndoc Project | 1 Pwndoc | 2025-05-07 | N/A | 5.3 MEDIUM |
| PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. | |||||
| CVE-2023-27172 | 1 Xpand-it | 1 Write-back Manager | 2025-05-06 | N/A | 9.1 CRITICAL |
| Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | |||||
| CVE-2024-1104 | 1 Areal-topkapi | 1 Webserv2 | 2025-05-06 | N/A | 7.5 HIGH |
| An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. | |||||
| CVE-2022-40903 | 1 Aiphone | 8 Gt-db-vn, Gt-db-vn Firmware, Gt-dmb and 5 more | 2025-04-30 | N/A | 6.5 MEDIUM |
| Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. | |||||
| CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2025-04-29 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | |||||
| CVE-2022-37772 | 1 Maarch | 1 Maarch Rm | 2025-04-25 | N/A | 7.5 HIGH |
| Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | |||||
| CVE-2022-23746 | 1 Checkpoint | 1 Ssl Network Extender | 2025-04-25 | N/A | 7.5 HIGH |
| The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords. | |||||
| CVE-2025-42600 | 2025-04-23 | N/A | N/A | ||
| This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts. | |||||
| CVE-2017-11187 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | |||||
| CVE-2017-1197 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. | |||||
| CVE-2017-7673 | 1 Apache | 1 Openmeetings | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | |||||
| CVE-2017-12316 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. | |||||