17 matches found
CVE-2025-58587 Improper Restriction of Excessive Authentication Attempts
The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials...
EUVD-2023-53984
Malicious code in bioql PyPI...
CVE-2024-35747
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...
CVE-2023-4094
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the...
Authentication flaw
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the...
CVE-2023-4094
ARCONTE Aurea Arconte Áurea 1.5.0.0 has a weak authentication vulnerability that lets an attacker issue false login attempts to block legitimate accounts and cause a denial of service. A separate resource indicates a method to circumvent the login attempt limit. Public documents identify the affe...
CVE-2021-37934
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing...
Default credentials
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing...
Longbrothers Digital OKLOK Access Gain Vulnerability
Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China. The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...
Nextcloud: No set limit to try to login in "https://auth.nextcloud.com/auth/realms/master/protocol/openid-connect/auth" page.
Hi. I checked the "https://nextcloud.com" page and tried to go to the wp-admin page. Then I found the login page "https://auth.nextcloud.com/auth/realms/master/protocol/openid-connect/auth". On this page, I tried to log in more than 10 times manually! I think that I can try to brute force this login...
CVE-2020-1616
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of th...
CVE-2020-1616 JATP Series: JATP Is susceptible to slow brute force attacks on the SSH service.
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of th...
Shopify: StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
It seems that the service used for login purposes could be brute forced. The system fails when the password is incorrect, after some unsuccessful attempts the following message is shown: "data":"customerAccessTokenCreate":null,"errors":"message":"Login attempt limit exceeded. Please try again...
CVE-2018-16703
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-si...
CVE-2017-12316
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...
Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...
Neoteris IVE password bruteforcing
Change password page doesn't limit the number of attempts...