Total
565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0628 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2026-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | |||||
| CVE-1999-1324 | 1 Hp | 1 Openvms Vax | 2026-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. | |||||
| CVE-2001-1291 | 1 3com | 2 Superstack Ii Ps Hub 40, Superstack Ii Ps Hub 40 Firmware | 2026-04-16 | 10.0 HIGH | 9.8 CRITICAL |
| The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. | |||||
| CVE-2026-35628 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks. | |||||
| CVE-2026-35646 | 1 Openclaw | 1 Openclaw | 2026-04-15 | N/A | 4.8 MEDIUM |
| OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests. | |||||
| CVE-2024-46442 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack. | |||||
| CVE-2025-1496 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | |||||
| CVE-2025-46739 | | | 2026-04-15 | N/A | 8.1 HIGH |
| An unauthenticated user could discover account credentials via a brute-force attack without rate limiting. | |||||
| CVE-2024-47592 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. | |||||
| CVE-2024-32720 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56. | |||||
| CVE-2025-10161 | | | 2026-04-15 | N/A | 7.3 HIGH |
| Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This issue affects Perfektive: before Version: 12574 Build: 2701. | |||||
| CVE-2025-2411 | | | 2026-04-15 | N/A | 8.6 HIGH |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06. | |||||
| CVE-2025-4319 | | | 2026-04-15 | N/A | 9.4 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48143 | | | 2026-04-15 | N/A | 9.1 CRITICAL |
| A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders. | |||||
| CVE-2025-2417 | | | 2026-04-15 | N/A | 8.6 HIGH |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06. | |||||
| CVE-2025-48014 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Password guessing limits could be bypassed when using LDAP authentication. | |||||
| CVE-2024-9928 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. | |||||
| CVE-2025-2412 | | | 2026-04-15 | N/A | 8.6 HIGH |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12. | |||||
| CVE-2025-6029 | | | 2026-04-15 | N/A | N/A |
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record will be updated once this is clarified. | |||||
| CVE-2025-2171 | | | 2026-04-15 | N/A | N/A |
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN. | |||||
