71 matches found
CVE-2026-36612
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...
EUVD-2026-34151
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...
PT-2026-46000
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...
CVE-2026-36612
CVE-2026-36612 affects Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue: WPS 2.0 is enabled by default and a weak lockout policy allows 60-second lockouts after 10 attempts, per connected records. CVSSv3.1 base score 6.4 (MEDIUM) with attack vector: Adjacent, attack complexity:...
CVE-2025-36363
CVE-2025-36363 affects IBM DevOps Plan 3.0.0–3.0.5. The root cause is an inadequate account lockout setting, potentially allowing a remote attacker to brute-force credentials. Documented impact is exposure of confidentiality with no integrity/availability impact stated; CVSS metrics indicate high...
CVE-2021-22003
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...
CVE-2025-42615
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...
GHSA-XRW9-R35X-X878 Zitadel allows brute-forcing authentication factors
Summary: A vulnerability in Zitadel allowed brute-force attacks on OTP, TOTP and passwords, making it possible to impersonate the attacked user. Impact: An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like...
Zitadel allows brute-forcing authentication factors
Summary: A vulnerability in Zitadel allowed brute-force attacks on OTP, TOTP and passwords, making it possible to impersonate the attacked user. Impact: An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like...
EUVD-2021-24926
Malware in sbrugna...
EUVD-2012-0497
Malware in sbrugna...
EUVD-2020-25376
Malware in sbrugna...
EUVD-2021-14523
Malware in sbrugna...
EUVD-2020-25375
Malware in sbrugna...
EUVD-2023-2909
Malicious code in bioql PyPI...
EUVD-2024-1144
Malicious code in bioql PyPI...
PT-2025-31112 · IBM · IBM Informix Dynamic Server
Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server versions 12.10 and 14.10. Description: IBM Informix Dynamic Server is susceptible to brute-force credential attacks due to an inadequate account lockout setting. This could allow a remote attacker to compromise...
CVE-2024-32868
ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...
CVE-2023-47111
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...