CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

blueprintUE self-hosted edition 安全漏洞

The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the login form processor not implementing any type of...

CVE-2026-22616

Eaton Intelligent Power Protector IPP software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre...

CVE-2025-31991

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...

GO-2026-4916 Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server

Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

PT-2026-29956

Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of BasicAuthentication as the default...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of rate limiting in the login process. An attacker can exhaust server resources by sending a large number of parallel login requests via a single HTTP/2 packet, potentially causing the server to cra...

EUVD-2026-15756

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

PT-2026-27961

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not adequately limit the rate of login requests. This...

EUVD-2026-12608

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32295

CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32292

CVE-2026-32292 affects GL-iNet Comet KVM web interface on the GL-RM1. It describes an insufficient login rate-limiting condition that allows brute-force attempts to guess credentials over the network. The vulnerability is documented across multiple sources (NVD, ENISA EUVD, Red Hat) with a high/c...

CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting

The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...

JetKVM 安全漏洞

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of rate limiting on login requests, which could allow brute-force attacks to attempt to guess credentials...

PT-2026-25917

🚨 CVE-2026-32295: JetKVM insufficient login rate l... KVM-over-IP devices with zero brute-force protection are basically screaming "pwn me" to every script kiddie with a wor... https://t.co/xBzcOcZWDZ netsec vulnerability CVE sysadmin zeroday...