Lucene search
K

35 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.10 views

CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 1:37 p.m.8 views

EUVD-2026-40325

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS5.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:10 p.m.3 views

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

blueprintUE self-hosted edition 安全漏洞

The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the login form processor not implementing any type of...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/04/13 4:16 p.m.5 views

CVE-2025-31991

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...

9.8CVSS0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 11:13 a.m.3 views

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 8:31 p.m.2 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:31 p.m.4 views

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

6.9CVSS5.9AI score0.00268EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 5:19 p.m.2 views

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS5.8AI score0.00488EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 5:18 p.m.2 views

CVE-2026-32292 GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting

The GL-iNet Comet GL-RM1 KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS5.8AI score0.0053EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 5:18 p.m.26 views

CVE-2026-32292

CVE-2026-32292 affects GL-iNet Comet KVM web interface on the GL-RM1. It describes an insufficient login rate-limiting condition that allows brute-force attempts to guess credentials over the network. The vulnerability is documented across multiple sources (NVD, ENISA EUVD, Red Hat) with a high/c...

9.3CVSS5.8AI score0.0053EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.6 views

JetKVM 安全漏洞

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of rate limiting on login requests, which could allow brute-force attacks to attempt to guess credentials...

9.3CVSS6AI score0.00488EPSS
Exploits0References4
OSV
OSV
added 2026/02/24 4:24 p.m.4 views

CVE-2026-27521

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/24 3:8 p.m.19 views

CVE-2026-27521 Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

7.5CVSS0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 3:8 p.m.3 views

CVE-2026-27521 Binardat 10G08-0800GSM Network Switch Missing Login Rate Limiting

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...

7.5CVSS5.3AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 3:8 p.m.16 views

CVE-2026-27521

CVE-2026-27521 affects Binardat 10G08-0800GSM network switch firmware, specifically versions prior to V300SP10260209. The root issue is the absence of rate limiting and account lockout on failed login attempts, enabling brute-force credential attacks. Multiple sources (NVD/Red Hat/CIRCLOSV) corro...

7.5CVSS5.3AI score0.00246EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2026/02/20 12:0 a.m.116 views

📄 Soosyze CMS 2.0 Rate Limit Scanner

Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability CWE‑307 on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA. The provided automatic detection script...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.7 views

CVE-2025-60538

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...

6.5CVSS7AI score0.00367EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/09 9:56 p.m.3 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to insufficient rate limiting on the login process. An attacker can gain unauthorized access by performing a brute force attack. Remediation There is no fixed version for github.com/go-shiori/shiori. References - GitHub...

9.3CVSS6.8AI score0.00367EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 12:0 a.m.2 views

CVE-2025-60538

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...

6.6AI score0.00367EPSS
Exploits0References2
Rows per page
Query Builder