Medium CVSS: 6.5 CVE-2025-60538 A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.