ReportizFlow
Filtered by vendor
Subscriptions
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47065 | 1 Meshtastic | 2 Firmware, Meshtastic Firmware | 2025-08-22 | 6.5 Medium |
| Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1. | ||||
| CVE-2024-32943 | 1 Westermo | 2 L210-f2g, L210-f2g Firmware | 2025-07-30 | 7.5 High |
| An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. | ||||
| CVE-2024-35246 | 1 Westermo | 2 L210-f2g Lynx, L210-f2g Lynx Firmware | 2025-07-30 | 7.5 High |
| An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. | ||||
| CVE-2025-7882 | 2025-07-22 | 3.1 Low | ||
| A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3555 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 3.7 Low |
| A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3556 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 3.7 Low |
| A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-52570 | 2025-06-26 | N/A | ||
| Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1. | ||||
| CVE-2025-52880 | 2025-06-26 | 4.2 Medium | ||
| Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker perform actions on the victim's behalf. When targeting an admin user, this can be combined with controlling a server-side command to achieve arbitrary code execution. For this vulnerability to be exploited, a malicious EPUB file has to be present in a Komga library, and subsequently accessed in the Epub reader by an admin user. Version 1.22.0 contains a patch for the issue. | ||||
| CVE-2025-5864 | 2025-06-18 | 3.7 Low | ||
| A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-57603 | 1 Mayswind | 1 Ezbookkeeping | 2025-06-06 | 6.3 Medium |
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. | ||||
| CVE-2025-48016 | 2025-05-21 | 4.3 Medium | ||
| OpenFlow discovery protocol can exhaust resources because it is not rate limited | ||||
| CVE-2021-37191 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | ||||
| CVE-2023-40332 | 1 Lesterchan | 1 Wp-postratings | 2025-04-03 | 5.3 Medium |
| Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91. | ||||
| CVE-2025-29998 | 2025-03-13 | N/A | ||
| This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | ||||
| CVE-2025-1629 | 2025-02-24 | 3.5 Low | ||
| A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-26524 | 2025-02-14 | N/A | ||
| This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system. | ||||
| CVE-2023-51544 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | 5.3 Medium |
| Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. | ||||
| CVE-2024-13274 | 2025-01-14 | 5.3 Medium | ||
| Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | ||||
| CVE-2023-2758 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 3.7 Low |
| A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. | ||||
| CVE-2023-35621 | 1 Microsoft | 1 Dynamics 365 | 2025-01-01 | 7.5 High |
| Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | ||||