31 matches found

CNNVD
added 2026/05/13 12:00 a.m. · 10 views

Deciso OPNsense Security Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD, developed by the Dutch company Deciso. Versions of Deciso OPNsense prior to 26.1.7 contained security vulnerabilities. These vulnerabilities were caused by logical flaws in the lockouthandler module, allowing...

CVSS 6.5 · AI score 5.8 · EPSS 0.00318
Exploits 1 · References 1
Positive Technologies
added 2026/04/15 12:00 a.m. · 8 views

PT-2026-33118

OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm otp action of the two-factor authentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing brute force block after failed logins...

CVSS 7.4 · AI score 5.8 · EPSS 0.00296
Exploits 1 · References 3
Snyk
added 2026/01/01 6:31 a.m. · 3 views

Improper Control of Interaction Frequency

Overview: django-phone-verify is a Django app to support phone number verification using a security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...

CVSS 6.3 · AI score 7
Exploits 0 · References 3
RedhatCVE
added 2025/10/30 7:21 p.m. · 6 views

CVE-2025-64102

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 9.8 · AI score 6.7 · EPSS 0.00353
Exploits 0 · References 1
NVD
added 2025/10/29 7:15 p.m. · 4 views

CVE-2025-64102

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 9.8 · EPSS 0.00353
Exploits 0 · References 2
Cvelist
added 2025/10/29 6:36 p.m. · 8 views

CVE-2025-64102 Zitadel allows brute-forcing authentication factors

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 7.7 · EPSS 0.00353
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2015-0544

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.02223
Exploits 0 · References 4
CVE
added 2025/07/11 12:16 a.m. · 22 views

CVE-2025-5241

CVE-2025-5241 affects Mitsubishi Electric MELSEC iQ-F Series. A remote, unauthenticated attacker can trigger a denial-of-service by exploiting an overly restrictive account lockout mechanism, causing legitimate users to be blocked for a period after repeated incorrect login attempts. The impact i...

CVSS 5.3 · AI score 6.7 · EPSS 0.00373
Exploits 0 · References 2
NVD
added 2025/01/07 4:15 p.m. · 6 views

CVE-2024-55008

JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...

CVSS 7.5 · EPSS 0.00798
Exploits 1 · References 2
CVE
added 2025/01/07 12:00 a.m. · 43 views

CVE-2024-55008

CVE-2024-55008 concerns JATOS 3.9.4, where an authentication DoS can lock out user accounts. The document set confirms the vulnerability arises from the login flow: submitting 3 incorrect login attempts per minute can trigger an account-level lockout, affecting any user regardless of privileges, ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00798
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/07 12:00 a.m. · 3 views

CVE-2024-55008

JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...

AI score 7.7 · EPSS 0.00798
Exploits 1 · References 2
CNVD
added 2024/08/30 12:00 a.m. · 7 views

NetIQ Advanced Authentication Brute Force Vulnerability

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...

CVSS 9.9 · AI score 6.4 · EPSS 0.00215
Exploits 0 · References 1
OSV
added 2024/06/05 3:10 p.m. · 18 views

GO-2024-2788 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 8.1 · AI score 7 · EPSS 0.00456
Exploits 0 · References 3
Positive Technologies
added 2024/05/09 12:00 a.m. · 6 views

PT-2024-26025 · Unknown · Kioware For Windows

Name of the Vulnerable Software and Affected Versions: KioWare for Windows, all versions through 8.35. Description: The issue allows for brute forcing the PIN number that protects the application from being closed, due to the lack of mechanisms preventing excessive guessing of the number...

CVSS 8.4 · AI score 6.4 · EPSS 0.0027
Exploits 0 · References 5
Vulnrichment
added 2024/04/25 11:53 p.m. · 34 views

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 6.5 · AI score 6.9 · EPSS 0.00456
Exploits 0 · References 2
Cvelist
added 2024/04/25 11:53 p.m. · 34 views

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 6.5 · AI score 6.7 · EPSS 0.00456
Exploits 0 · References 2
Github Security Blog
added 2024/04/25 6:31 p.m. · 24 views

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

Impact: ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...

CVSS 8.1 · AI score 6.6 · EPSS 0.00456
Exploits 0 · References 4 · Affected Software 1
OSV
added 2020/07/15 9:15 p.m. · 2 views

CVE-2020-10285

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access...

CVSS 9.8 · AI score 5.8 · EPSS 0.0132
Exploits 0 · References 1
Prion
added 2020/07/15 9:15 p.m. · 10 views

Authentication flaw

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access...

CVSS 7.5 · AI score 9.6 · EPSS 0.0132
Exploits 0 · References 1 · Affected Software 1
NVD
added 2016/02/15 2:59 a.m. · 12 views

CVE-2015-5010

IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.01552
Exploits 0 · References 3