Total: 570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49342 | 1 Ibm | 1 Informix Dynamic Server | 2025-08-06 | 7.5 High |
| IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2025-52997 | 1 Filebrowser | 1 Filebrowser | 2025-08-04 | 5.9 Medium |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1. | ||||
| CVE-2025-3555 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 3.7 Low |
| A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3556 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 3.7 Low |
| A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9342 | 1 Eclipse | 1 Glassfish | 2025-07-16 | 9.8 Critical |
| In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. | ||||
| CVE-2025-47951 | 1 Weblate | 1 Weblate | 2025-07-16 | 4.9 Medium |
| Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12. | ||||
| CVE-2024-23106 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 7.7 High |
| An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. | ||||
| CVE-2024-12039 | 1 Langgenius | 1 Dify | 2025-07-15 | 8.1 High |
| langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit code, resulting in a complete compromise of the application. | ||||
| CVE-2023-48318 | 2 Codepeople, Wordpress | 2 Contact Form Email, Wordpress | 2025-07-13 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass. This issue affects Contact Form Email: from n/a through 1.3.41. | ||||
| CVE-2025-20196 | 1 Cisco | 52 807 Industrial Integrated Services Router, 807 Industrial Integrated Services Router Firmware, 809 Industrial Integrated Services Router and 49 more | 2025-07-11 | 5.3 Medium |
| A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the Cisco IOx application hosting environment to stop responding. The IOx process will need to be manually restarted to recover services. | ||||
| CVE-2024-5716 | 1 Logsign | 2 Unified Secops, Unified Secops Platform | 2025-07-10 | 9.8 Critical |
| Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164. | ||||
| CVE-2023-34732 | 1 Flytxt | 1 Neon-dx | 2025-07-09 | 5.4 Medium |
| An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords. | ||||
| CVE-2023-34001 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-06-30 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n/a through 5.0.25. | ||||
| CVE-2024-55008 | 1 Jatos | 1 Jatos | 2025-06-24 | 7.5 High |
| JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges. | ||||
| CVE-2023-50123 | 1 Hozard | 1 Alarm System | 2025-06-20 | 8.1 High |
| The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state. | ||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-20 | 8.8 High |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. | ||||
| CVE-2025-48187 | 1 Infiniflow | 1 Ragflow | 2025-06-12 | 9.1 Critical |
| RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting. | ||||
| CVE-2023-45190 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-06-03 | 5.1 Medium |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | ||||
| CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2025-06-02 | 9.1 Critical |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | ||||
| CVE-2023-33759 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-05-30 | 9.8 Critical |
| SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | ||||