20 matches found
EUVD-2026-27860
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate...
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon...
CVE-2026-20188
Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) are affected by a denial-of-service (DoS) condition due to an inadequate rate-limiting implementation on the connection-handling mechanism. An unauthenticated remote attacker can overwhelm the system with a hig...
CVE-2026-7402 Improper Rate Limiting in MeWare Software's PDKS
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...
CVE-2025-66487 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...
Pinchtab Security Vulnerability
Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Pinchtab versions 0.7.7 to 0.8.4 contain security vulnerabilities. These vulnerabilities stem from incomplete request rate-limiting protection, which may weaken...
Brute Force
Overview: @openclaw/zalo is an OpenClaw Zalo channel plugin. Affected versions of this package are vulnerable to Brute Force via the Zalo webhook handler. An attacker can repeatedly attempt to guess webhook secrets without triggering rate limiting by sending requests with invalid secrets, as these...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force via the authentication rate limiting process. An attacker can bypass authentication rate limiting by forging the X-Real-IP header, allowing unlimited authentication attempts from a single source. Remediation: Upgrade...
EUVD-2025-206748
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...
FileCodeBox Security Vulnerability
FileCodeBox is a file courier locker from the individual developer vastsa. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox 2.2 and earlier versions, which stems from an IP rate-limiting implementation issue that could lead to bypassing protection and...
CVE-2025-54879 Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...
Sylius Security Vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A security vulnerability exists in Sylius version v2.0.2, which stems from the inclusion of a rate limiting issue. An attacker exploiting this vulnerability could conduct a brute force...
XVIDEOS: Lack of Rate Limiting on Account Creation Endpoint
A vulnerability was identified in the account creation process. The affected endpoint lacked proper rate limiting mechanisms, allowing for the automated creation of multiple user accounts without restrictions. This security flaw could be exploited using tools to generate a large number of fake...
CVE-2023-48840
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion...
ovn: service monitor MAC flow is not rate limited
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured...
Flask-AppBuilder Security Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.0, which stems from a lack of rate limiting in the system and can be exploited by an attacker to brute-force user credentials...
kernel: ICMP rate limiting can be used for DNS poisoning attack
A flaw was found in the way the Linux kernel limits reply ICMP packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-52025)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, prior to 4.1.1, and prior to 4.0.5, which stems from the program not properly handling IP-based rate limiting. An attack...
CVE-2018-0137
A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could explo...
Arbitrary account registration vulnerability in the Money Clip APP by Beijing Angdao Network Technology Co., Ltd.
Money Clip APP is developed and launched by Beijing Angdao Network Technology Co. Ltd. There is an arbitrary account registration vulnerability in Money Clip APP. The vulnerability arises because, during account registration, the verification code check fails to verify the number of times and time to ...