Total
487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27521 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials. | |||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 7.5 HIGH |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | |||||
| CVE-2021-41807 | 1 M-files | 2 M-files Server, M-files Web | 2026-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier. | |||||
| CVE-2026-1685 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-20 | 2.6 LOW | 3.7 LOW |
| A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. | |||||
| CVE-2025-7630 | 2026-02-18 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.This issue affects Wispotter: from 1.0 before v2025.10.08.1. | |||||
| CVE-2025-23368 | 1 Redhat | 3 Data Grid, Jboss Enterprise Application Platform, Wildfly Core | 2026-02-13 | N/A | 8.1 HIGH |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | |||||
| CVE-2025-67853 | 1 Moodle | 1 Moodle | 2026-02-11 | N/A | 7.5 HIGH |
| A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts. | |||||
| CVE-2026-25577 | 2026-02-11 | N/A | 7.5 HIGH | ||
| Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11. | |||||
| CVE-2026-2110 | 2026-02-09 | 2.6 LOW | 3.7 LOW | ||
| A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27456 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 7.5 HIGH |
| The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-27449 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 7.5 HIGH |
| The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-1710 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 7.5 HIGH |
| The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-49186 | 2 Avaya, Sick | 6 Media Server, Baggage Analytics, Field Analytics and 3 more | 2026-02-03 | N/A | 5.3 MEDIUM |
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | |||||
| CVE-2025-53968 | 1 Evmapa | 1 Evmapa | 2026-02-02 | N/A | 7.5 HIGH |
| This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. This can overwhelm the authentication system, rendering it unavailable to legitimate users and potentially causing service disruption. This can also allow attackers to conduct brute-force attacks to gain unauthorized access. | |||||
| CVE-2026-1409 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-01-30 | 1.2 LOW | 2.0 LOW |
| A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-39314 | 1 Getkirby | 1 Kirby | 2026-01-30 | N/A | 3.7 LOW |
| Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. | |||||
| CVE-2026-24436 | 1 Tenda | 2 W30e, W30e Firmware | 2026-01-28 | N/A | 9.8 CRITICAL |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials. | |||||
| CVE-2026-22278 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 8.1 HIGH |
| Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-58587 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2026-01-27 | N/A | 6.5 MEDIUM |
| The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials. | |||||
| CVE-2025-49195 | 1 Sick | 1 Media Server | 2026-01-26 | N/A | 5.3 MEDIUM |
| The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server. | |||||