32 matches found
droidclaw security vulnerabilities
Droidclaw is an open-source AI tool developed by Unitedby AI U/AI, which allows for control of Android phones through natural language commands. Droidclaw versions 0.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from an improper limit on the number of authentication...
CVE-2026-1816
TEİAŞ’s Mobile Application is affected by CVE-2026-1816: an improper restriction of excessive authentication attempts that enables brute-force attacks. Affected versions are 1.6.2 up to 1.13 (not inclusive). The CVSS 3.1 baseline is 6.3 (MEDIUM) with network attack vector, low privileges required...
Zyxel WRE6505 security vulnerability
Zyxel WRE6505 is a wireless signal expansion device produced by Zyxel Corporation in China. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the improper limit on the number of authentication attempts made by the web management interface...
IGL-Technologies eParking.fi security vulnerability
IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability. This vulnerability stems from the lack of a limit on the numbe...
CVE-2026-27778 ePower epower.ie Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
Chargemap security vulnerability
Chargemap is an electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...
CVE-2026-25113 SWITCH EV swtchenergy.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
PT-2026-5404
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub 40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high...
EUVD-2025-201499
Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...
Dell CloudBoost Virtual Appliance security vulnerability
Dell CloudBoost Virtual Appliance is a storage solution software from Dell USA. A security vulnerability exists in Dell CloudBoost Virtual Appliance version 19.13.0.0 and prior versions, which stems from an improper limit on the number of authentication attempts, which could lead to unauthorized...
CVE-2025-10928 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...
CVE-2025-12310
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated...
PT-2025-44022
Name of the Vulnerable Software and Affected Versions: VirtFusion versions through 6.0.2. Description: A security issue exists in VirtFusion that relates to improper restriction of excessive authentication attempts. The issue is located within the Email Change Handler component, specifically affecti...
CVE-2025-11441
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...
PT-2025-41236
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A security issue exists in JhumanJ OpnForm related to improper restriction of excessive authentication attempts. The issue is located within the HTTP Header Handler component and involves...
CVE-2025-2415 OTP Bypass in Akinsoft's MyRezzta
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01...
CVE-2025-8927
Summary (CVE-2025-8927): A vulnerability exists in mtons mblog up to version 3.5.0 affecting the Verification Code Handler, specifically the file /email/send_code. Malicious manipulation of the email parameter can bypass restrictions on excessive authentication attempts. The issue can be exploit...
CVE-2025-8742
CVE-2025-8742 affects macrozheng mall 1.0.3, specifically the Admin Login component. The root cause is improper restriction of excessive authentication attempts, enabling remote exploitation. Documents note the attack requires high complexity and that exploitation is difficult, with vendor not re...
Yealink YMCS RPS security vulnerability
Yealink YMCS RPS is a device management cloud service platform with integrated RPS functionality from China's Yealink. A security vulnerability exists in Yealink YMCS RPS versions prior to 2025-06-04, which stems from a lack of SN authentication attempt limitations that could lead to brute...