Lucene search
+L

881 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 7:47 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 10:56 p.m.30 views

CVE-2026-31903 IGL-Technologies eParking.fi Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00408EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 10:56 p.m.15 views

CVE-2026-31903

CVE-2026-31903 concerns the WebSocket API where there is no limit on authentication requests. The connected documents consistently describe this as enabling potential denial-of-service by suppressing or mis-routing charger telemetry, and brute-force attempts to gain unauthorized access. The impac...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 10:45 p.m.2 views

CVE-2026-31904 CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00427EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 10:45 p.m.21 views

CVE-2026-31904

CVE-2026-31904 concerns the WebSocket API used by CTEK Chargeportal. The issue arises from a lack of rate limiting on authentication requests within the WebSocket interface, which could allow an attacker to perform denial-of-service attacks that suppress or mis-route charger telemetry, or execute...

8.7CVSS5.8AI score0.00427EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:45 p.m.27 views

CVE-2026-31904 CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00427EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:18 p.m.5 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 4:44 p.m.2 views

CVE-2026-22629

An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Fortinet多款产品 安全漏洞

Fortinet FortiManager is a product of the American company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager Cloud is a cloud-based network management software...

3.7CVSS5.8AI score0.00369EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 3:5 p.m.32 views

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00437EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 6:31 p.m.7 views

EUVD-2026-9835

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

9.3CVSS5.9AI score0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 3:49 p.m.7 views

CVE-2026-30790

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.8CVSS5.7AI score0.00225EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 3:49 p.m.38 views

CVE-2026-30790

CVE-2026-30790 is rejected per the Initial Description.

5.9AI score0.00225EPSS
Exploits0
OSV
OSV
added 2026/03/05 3:41 p.m.6 views

CVE-2026-30789 RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force

Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Password Brute Forcing. T...

5.7CVSS6AI score0.00269EPSS
Exploits1References7
CVE
CVE
added 2026/03/03 7:46 p.m.21 views

CVE-2025-36363

CVE-2025-36363 affects IBM DevOps Plan 3.0.0–3.0.5. The root cause is an inadequate account lockout setting, potentially allowing a remote attacker to brute-force credentials. Documented impact is exposure of confidentiality with no integrity/availability impact stated; CVSS metrics indicate high...

7.5CVSS6AI score0.00252EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/27 12:22 a.m.29 views

CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00475EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:22 a.m.21 views

CVE-2026-26305

CVE-2026-26305 concerns a WebSocket API that does not enforce a limit on authentication requests. Multiple sources (NVD, Red Hat, ENISA EUVD, CVE listing, vuln enrichment) describe the root cause as missing rate limiting, enabling potential denial-of-service by suppressing or misrouting charger t...

9.8CVSS5.4AI score0.00475EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 12:11 a.m.6 views

CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS6AI score0.00487EPSS
Exploits0References3
Rows per page
Query Builder