20 matches found
EUVD-2024-32048
Malicious code in bioql PyPI...
EUVD-2022-43040
Malicious code in bioql PyPI...
CVE-2025-46414
CVE-2025-46414 affects EG4 Electronics EG4 Inverters. The vulnerability is an unlimited number of PIN-entry attempts for a registered product, enabling brute-force access if an attacker has a valid device serial number. The API provides clear feedback on correct PINs. A server-side patch was issu...
CVE-2022-3681
A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network...
CVE-2025-26343
A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests...
CVE-2024-48942
The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...
CVE-2024-3461
KioWare for Windows (all versions through 8.35) allows brute-forcing of the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number...
CVE-2022-45482
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
PT-2022-27538 · Unknown · Lazy Mouse Server
Name of the Vulnerable Software and Affected Versions: Lazy Mouse server, affected versions not specified. Description: The issue allows remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands due to weak password requirements and the lack of rate...
CVE-2022-45482
CVE-2022-45482 concerns the Lazy Mouse server, where the vulnerability is caused by weak password requirements and lack of rate limiting. This allows remote, unauthenticated attackers to brute force the PIN and potentially execute arbitrary commands. The core data sources describe the affected co...
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
CVE-2014-5381
The CVE-2014-5381 entry affects Grand MA 300 fingerprint readers (firmware 6.60) from Granding. The vulnerability stems from weak PIN verification, enabling brute-force attempts to recover a PIN via network/Wiegand traffic. Public PoCs and advisories describe the flaw and provide an example brute-...
CVE-2017-13718
The HTTP API supported by Starry Station aka Starry Router allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the devi...
Hijacking Online Accounts Via Hacked Voicemail Systems
LEIPZIG, GERMANY – Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like...
CVE-2017-8006
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN t...
CVE-2017-8006
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN t...
Secure Computing e.iD Authenticator for Palm 2.0 PIN Brute-Force Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the sceiddb.pdb file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a syste...
Cisco CallManager vulnerable to brute force attack
Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter, discovered a vulnerability in Cisco CallManager, also known as Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog "During a...
SafeWord e.Id Trivial PIN Brute-Force Vulnerability
Subject: SafeWord e.Id Trivial PIN Brute-Force Vulnerability BUGTRAQ ID: 2105 Published: December 14, 2000 Updated: December 14, 2000 Remote: No Local: Yes Vulnerable Systems: Secure Computing e.iD Authenticator for Palm 2.0 - Palm Palm OS 3.5.2 - Palm Palm OS 3.3 Non-Vulnerable Systems: Summary:...
CRYPTOCard System Vulnerability
CRYPTOAdmin/CRYPTOCard systems use an 8-digit PIN. The 100000000 possible combinations can be brute-forced in less than 5 minutes on modern computing systems...