Total: 531 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | |||||
| CVE-2022-45893 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | N/A | 8.8 HIGH |
| Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. | |||||
| CVE-2022-26964 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-14 | N/A | 7.4 HIGH |
| Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded. | |||||
| CVE-2023-23730 | 1 Brainstormforce | 1 Spectra | 2025-04-10 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0. | |||||
| CVE-2022-38491 | 1 Easyvista | 1 Service Manager | 2025-04-09 | N/A | 8.2 HIGH |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. Version 2022.1.133.0 corrects this issue. | |||||
| CVE-2024-3202 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-04-04 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-259049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | N/A | 7.5 HIGH |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | |||||
| CVE-2021-27782 | 1 Hcltech | 1 Bigfix Mobile | 2025-04-02 | N/A | 5.4 MEDIUM |
| HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. Users should be locked out after multiple invalid attempts. | |||||
| CVE-2025-25595 | 1 Iitb | 1 Safe | 2025-04-01 | N/A | 9.8 CRITICAL |
| A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. | |||||
| CVE-2023-46123 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | N/A | 5.3 MEDIUM |
| JumpServer is an open source bastion host and operations and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. | |||||
| CVE-2023-42818 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | N/A | 5.4 MEDIUM |
| JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit this vulnerability by using a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | |||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2025-03-19 | N/A | 9.8 CRITICAL |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | |||||
| CVE-2023-24080 | 1 Chamberlain | 1 Myq | 2025-03-14 | N/A | 9.8 CRITICAL |
| A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a brute-force attack. | |||||
| CVE-2023-1101 | 1 Sonicwall | 68 Nsa 2600, Nsa 2650, Nsa 2700 and 65 more | 2025-03-07 | N/A | 8.8 HIGH |
| SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | |||||
| CVE-2023-29005 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | N/A | 7.5 HIGH |
| Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. | |||||
| CVE-2023-27100 | 2 Netgate, Pfsense | 2 Pfsense Plus, Pfsense | 2025-02-25 | N/A | 9.8 CRITICAL |
| Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. | |||||
| CVE-2024-3461 | 1 Kioware | 1 Kioware | 2025-02-12 | N/A | 6.2 MEDIUM |
| KioWare for Windows (all versions through 8.35) allows brute-forcing of the PIN that protects the application from being closed, as there is no mechanism preventing a user from excessively guessing the number. | |||||
| CVE-2023-27746 | 1 Blackvue | 4 Dr750-2ch Ir Lte, Dr750-2ch Ir Lte Firmware, Dr750-2ch Lte and 1 more | 2025-02-07 | N/A | 9.8 CRITICAL |
| BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. | |||||
| CVE-2022-30076 | 1 Entab | 1 Erp | 2025-02-06 | N/A | 5.3 MEDIUM |
| ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting. | |||||
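Most entries above (Pluck CMS, Safe App, Stupid Simple CMS, HCL BigFix, EasyVista, Flask-AppBuilder before 4.3.0) are the plain case of no throttling on failed logins; the JumpServer Core API entry (CVE-2023-46123) is the subtler one, where a limiter exists but is keyed on an IP address the client can choose for itself. The following is an added illustration written for this page, not code from JumpServer or any other vendor listed here: a small failed-login limiter with three key functions, one that trusts `X-Forwarded-For` from any peer (spoofable, unlimited attempts), one that only honours the header when the TCP peer is a trusted reverse proxy, and one keyed on the target username. The `Request` class, the `TRUSTED_PROXIES` range, the 5-failures-per-60-seconds policy and the sample requests are all constructed assumptions for the demo.

```python
"""Failed-login rate limiting: a spoofable IP key beside hardened alternatives.

Added example (not the code of any product in the CVE list above). Everything
here, including the request object and the proxy range, is constructed for the demo.
"""
import ipaddress
import time
from collections import defaultdict

# Assumption: the only hosts allowed to set X-Forwarded-For are reverse proxies in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


class Request:
    """Minimal stand-in for a web framework request object (constructed for this demo)."""

    def __init__(self, remote_addr, headers=None, username="admin", password=""):
        self.remote_addr = remote_addr  # TCP peer address as seen by the server
        self.headers = headers or {}
        self.username = username
        self.password = password


def naive_client_ip(req):
    """Vulnerable key: believes X-Forwarded-For from anyone, so the attacker picks the key."""
    xff = req.headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return req.remote_addr


def hardened_client_ip(req):
    """Honour X-Forwarded-For only when the peer is a trusted proxy, and use the
    rightmost entry, which is the one that proxy appended (assumes one proxy hop)."""
    peer = ipaddress.ip_address(req.remote_addr)
    if any(peer in net for net in TRUSTED_PROXIES):
        xff = req.headers.get("X-Forwarded-For")
        if xff:
            return xff.split(",")[-1].strip()
    return req.remote_addr


def username_key(req):
    """Per-account key: stops distributed guessing against one account regardless of
    source IP. Trade-off: an attacker can lock out a victim, so pair it with a cooldown
    rather than a permanent lock, or combine it with the hardened IP key."""
    return req.username.lower()


class FailedLoginLimiter:
    """Sliding-window counter of failed attempts per key."""

    def __init__(self, key_fn, max_failures=5, window_seconds=60):
        self._key_fn = key_fn
        self._max = max_failures
        self._window = window_seconds
        self._failures = defaultdict(list)  # key -> timestamps of recent failures

    def allowed(self, req, now=None):
        now = time.monotonic() if now is None else now
        key = self._key_fn(req)
        cutoff = now - self._window
        self._failures[key] = [t for t in self._failures[key] if t > cutoff]
        return len(self._failures[key]) < self._max

    def record_failure(self, req, now=None):
        now = time.monotonic() if now is None else now
        self._failures[self._key_fn(req)].append(now)


def attempts_let_through(limiter, requests):
    """Count how many guesses the limiter lets reach the password check.
    Every guess in the demo is wrong, sent at a brute-force pace of one per 100 ms."""
    passed = 0
    for i, req in enumerate(requests):
        now = i * 0.1
        if limiter.allowed(req, now):
            passed += 1
            limiter.record_failure(req, now)
    return passed


def spoofed_attempts(n, peer="203.0.113.7"):
    """Attacker connects directly (no proxy) and forges a fresh X-Forwarded-For each time."""
    return [Request(peer, {"X-Forwarded-For": f"198.51.{i // 250}.{i % 250 + 1}"},
                    password=f"guess{i}") for i in range(n)]


def spoofed_attempts_via_proxy(n, proxy="10.0.0.1", client="203.0.113.7"):
    """Same attacker behind a trusted proxy that appends the real client address."""
    return [Request(proxy, {"X-Forwarded-For": f"198.51.{i // 250}.{i % 250 + 1}, {client}"},
                    password=f"guess{i}") for i in range(n)]


if __name__ == "__main__":
    for name, key_fn in [("naive XFF", naive_client_ip),
                         ("trusted-proxy IP", hardened_client_ip),
                         ("username", username_key)]:
        direct = attempts_let_through(FailedLoginLimiter(key_fn), spoofed_attempts(100))
        proxied = attempts_let_through(FailedLoginLimiter(key_fn), spoofed_attempts_via_proxy(100))
        print(f"{name:18s} direct: {direct:3d}/100 guesses reached the password check, "
              f"via proxy: {proxied:3d}/100")
```

With the naive key all 100 guesses reach the password check in both scenarios, because each request carries a new forged address; with the trusted-proxy key or the username key only the first 5 do. The production version of this check belongs in front of the credential verification, stores counters in shared storage (e.g. Redis) rather than process memory, and logs the blocked attempts so the SOC sees the campaign.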
