CVE-2026-8076
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...
CVE-2026-8076
CVE-2026-8076 concerns the CashDro 3 web administration panel (version 24.01.00.26). The identified issue is weak credentials enabling PIN-based authentication, which supports numeric PINs compatible with POS integrations dating back to 2012. This design allows an attacker to perform brute-force ...
CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...
CVE-2025-69246
Raytha CMS (CVE-2025-69246) is affected by a lack of brute-force protection in login, allowing automated multiple logon attempts. The issue is addressed in version 1.4.6; users should upgrade to mitigate risk. If upgrading is not feasible, apply any provided workaround or vendor guidance (not det...
PT-2026-25698
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...
CVE-2026-27753
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate...
CVE-2025-52392
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...
CVE-2025-52392
CVE-2025-52392 affects Soosyze CMS 2.0. The root cause is missing rate-limiting and account lockout on the /user/login endpoint, enabling brute-force login attempts and potentially unauthorized administrative access. Public sources in connected documents describe a brute-force tool and PoC usage,...
CVE-2024-3461
KioWare for Windows, all versions through 8.35, allows brute-forcing of the PIN that protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number...
CVE-2021-25309
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation together with the weak password policy that forces a 4-digit password allows remote attackers to easily obtain administrative access...
Gradle Enterprise Brute Force Password Guessing Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven and Ivy repositories, among others. A brute-force password guessing vulnerability exists in Gradle Enterprise 2018.5. The vulnerability stems from the absence of a lockout after too many failed login attempts. An attacker can use this vulnerability t...
CVE-2017-8227
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...