Total
565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1740 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | |||||
| CVE-2025-12896 | 2026-04-15 | N/A | 4.4 MEDIUM | ||
| Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device. | |||||
| CVE-2024-45523 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP. | |||||
| CVE-2024-2051 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. | |||||
| CVE-2025-52916 | 2026-04-15 | N/A | 2.2 LOW | ||
| Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits). | |||||
| CVE-2025-7630 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.This issue affects Wispotter: from 1.0 before v2025.10.08.1. | |||||
| CVE-2025-2415 | 2026-04-15 | N/A | 8.6 HIGH | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | |||||
| CVE-2025-46414 | 2026-04-15 | N/A | 8.1 HIGH | ||
| The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN is entered. This vulnerability was patched in a server-side update on April 6, 2025. | |||||
| CVE-2025-1714 | 2026-04-15 | N/A | N/A | ||
| Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | |||||
| CVE-2025-11566 | 2026-04-15 | N/A | N/A | ||
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint. | |||||
| CVE-2024-32676 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0. | |||||
| CVE-2025-52392 | 2026-04-15 | N/A | 5.4 MEDIUM | ||
| Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts. | |||||
| CVE-2023-48745 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9. | |||||
| CVE-2025-2416 | 2026-04-15 | N/A | 8.6 HIGH | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17. | |||||
| CVE-2023-32251 | 2026-04-15 | N/A | 3.7 LOW | ||
| A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms. | |||||
| CVE-2025-26862 | 2026-04-15 | N/A | N/A | ||
| Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks. | |||||
| CVE-2024-51720 | 2026-04-15 | N/A | 4.8 MEDIUM | ||
| An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. | |||||
| CVE-2023-45009 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3. | |||||
| CVE-2025-53544 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. Trilium is a single-user app without a username requirement, and brute-force protection bypass makes exploitation much more feasible. Multiple features provided by Trilium (e.g. MFA, share notes, custom request handler) indicate that Trilium can be exposed to the internet. This is fixed in version 0.97.0. | |||||
| CVE-2025-6030 | 2026-04-15 | N/A | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | |||||