42 matches found
CVE-2026-22616
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre...
CVE-2023-50455
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim)...
EUVD-2021-24185
Malware in sbrugna...
EUVD-2006-6664
Malware in sbrugna...
EUVD-2023-56048
Malicious code in bioql PyPI...
EUVD-2023-27841
Malicious code in bioql PyPI...
EUVD-2024-32333
Malicious code in bioql PyPI...
EUVD-2024-3270
Malicious code in bioql PyPI...
EUVD-2024-45395
Malicious code in bioql PyPI...
EUVD-2024-53640
Malicious code in bioql PyPI...
EUVD-2023-56014
Malicious code in bioql PyPI...
EUVD-2022-5220
Malicious code in bioql PyPI...
EUVD-2023-29133
Malicious code in bioql PyPI...
EUVD-2024-22191
Malicious code in bioql PyPI...
PT-2025-32007 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions:
Mastodon versions 3.1.5 through 4.2.24
Mastodon versions 4.3.0 through 4.3.11
Mastodon versions 4.4.0 through 4.4.3
Description: Mastodon’s rate-limiting system contains a configuration error where the email-based throttle for confirmation...
CVE-2024-47065 Traceroute_APP responses are not rate-limited.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
PT-2025-29265 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions:
Meshtastic versions prior to 2.5.1
Description: Meshtastic, an open source mesh networking solution, does not rate limit traceroute responses from remote nodes in versions prior to 2.5.1. This allows an attacker to reliably and continuously...
CVE-2025-47951
Weblate is a web-based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
Weblate is a web-based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...
CVE-2022-29701
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...