52 matches found
CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
PT-2026-45943
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
CVE-2026-40586
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...
PT-2026-34023
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...
EUVD-2026-12608
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295
CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...
CVE-2026-32295 JetKVM insufficient login rate limiting
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...
JetKVM 安全漏洞
JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of rate limiting on login requests, which could allow brute-force attacks to attempt to guess credentials...
GL-iNet Comet 安全漏洞
GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of restrictions on login requests through the web interface. This vulnerability may lead to brute-force attacks...
BIT-MOODLE-2025-67853 Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
Moodle Affected by Improper Restriction of Excessive Authentication Attempts
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853
CVE-2025-67853 concerns Moodle and is supported by multiple sources in the provided documents. The vulnerability is caused by a lack of proper rate limiting in Moodle’s confirmation email service, which can enable attackers to enumerate or guess user credentials, facilitating brute-force attacks ...
CVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
CVE-2025-67853 Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...