Medium
CVSS: 6.5
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually g…
High
CVSS: 7.5
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Critical
CVSS: 9.8
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.
Low
CVSS: 2.3
A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive aut…
Medium
CVSS: 6.3
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
High
CVSS: 7.5
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
High
CVSS: 7.5
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
High
CVSS: 7.5
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
Medium
CVSS: 5.9
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authe…
Critical
CVSS: 9.3
Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Ho…
High
CVSS: 7.8
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute-force the 6-digit password reset PIN.
Low
CVSS: 2.2
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).
Medium
CVSS: 4.9
Weblate is a web-based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to…
Low
CVSS: 1.7
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the…
Medium
CVSS: 5.3
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
Medium
CVSS: 5.3
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
Medium
CVSS: 6.3
A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Han…
High
CVSS: 7.5
Password guessing limits could be bypassed when using LDAP authentication.
Critical
CVSS: 9.1
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and…
Medium
CVSS: 5.4
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.