
58 matches found

RedhatCVE
added 2026/06/05 7:13 p.m. | 8 views

CVE-2026-40586

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5 CVSS | 5.5 AI score | 0.00301 EPSS
Exploits 0 | References 1
NVD
added 2026/06/03 6:16 p.m. | 10 views

CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

8.8 CVSS | 0.00181 EPSS
Exploits 0 | References 1
NVD
added 2026/05/09 8:16 p.m. | 14 views

CVE-2026-41893

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints POST /login and POST /signalk/v1/auth/login are protected by express-rate-limit default: 100 attempts per 10-minute window, configurable via HTTPRATELIMITS. The WebSocke...

8.7 CVSS | 0.00327 EPSS
Exploits 1 | References 4
ATTACKERKB
added 2026/04/30 12:0 a.m. | 6 views

CVE-2026-36959

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

7.5 CVSS | 5.2 AI score | 0.00368 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/04/21 12:0 a.m. | 10 views

PT-2026-34023

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5 CVSS | 5.8 AI score | 0.00301 EPSS
Exploits 0 | References 2
NVD
added 2026/01/22 11:15 p.m. | 5 views

CVE-2025-53968

This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. This can overwhelm the authentication system,...

7.5 CVSS | 0.00376 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 12:37 p.m. | 10 views

CVE-2023-50123

The number of attempts to bring the Hozard Alarm system alarmsystemen v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state...

8.1 CVSS | 6.9 AI score | 0.00613 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 10:49 a.m. | 9 views

CVE-2022-37145

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an...

7.5 CVSS | 7.2 AI score | 0.00863 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/01/08 12:0 a.m. | 7 views

PT-2026-1871

Name of the Vulnerable Software and Affected Versions: GL.Inet AX1800 versions 4.6.4 through 4.6.8. Description: The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...

5.1 CVSS | 6.9 AI score | 0.00214 EPSS
Exploits 1 | References 7
Positive Technologies
added 2026/01/05 12:0 a.m. | 7 views

PT-2026-1331

Name of the Vulnerable Software and Affected Versions: Coolify versions 4.0.0-beta.434 and later. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A rate limit on the /login endpoint can be bypassed by rotating the X-Forwarded-For header. This allows...

6.9 CVSS | 6.5 AI score | 0.00252 EPSS
Exploits 1 | References 6
EUVD
added 2025/12/08 11:50 p.m. | 4 views

EUVD-2025-201840

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...

6.3 CVSS | 6.4 AI score | 0.00402 EPSS
Exploits 2 | References 3
CNNVD
added 2025/12/08 12:0 a.m. | 4 views

Vulnerability-Lookup security vulnerability

Vulnerability-Lookup is an open source Vulnerability-Lookup platform for managing disclosure of vulnerabilities. A security vulnerability exists in Vulnerability-Lookup versions prior to 2.18.0, which stems from an unrestricted one-time password failure attempt that could lead to a brute-force...

8.1 CVSS | 6.5 AI score | 0.00324 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-23992

Malicious code in bioql PyPI...

9.2 CVSS | 6.5 AI score | 0.00327 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/09/24 4:34 p.m. | 5 views

CVE-2025-35041

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...

7.7 CVSS | 6.9 AI score | 0.00303 EPSS
Exploits 0 | References 1
NVD
added 2025/09/22 4:15 p.m. | 14 views

CVE-2025-35041

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...

7.7 CVSS | 0.00303 EPSS
Exploits 0 | References 2
Cvelist
added 2025/09/22 3:56 p.m. | 7 views

CVE-2025-35041 Airship AI Acropolis MFA insufficient rate limiting

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...

7.7 CVSS | 0.00303 EPSS
Exploits 0 | References 2
CVE
added 2025/09/22 3:56 p.m. | 26 views

CVE-2025-35041

Airship AI Acropolis MFA vulnerability: after a valid login, there is no rate limiting for MFA attempts, allowing unlimited tries within a 15-minute window to brute-force the 6-digit code. Affected versions include those prior to 10.2.35, 11.0.21, and 11.1.9. Remediation is to upgrade to 10.2.35,...

7.7 CVSS | 6.6 AI score | 0.00303 EPSS
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2025/09/22 12:0 a.m. | 8 views

PT-2025-38737

Name of the Vulnerable Software and Affected Versions: Airship AI Acropolis versions prior to 10.2.35; Airship AI Acropolis versions prior to 11.0.21; Airship AI Acropolis versions prior to 11.1.9. Description: The software permits an unlimited number of multi-factor authentication (MFA) attempts within...

7.7 CVSS | 6.8 AI score | 0.00303 EPSS
Exploits 0 | References 5
CNNVD
added 2025/09/22 12:0 a.m. | 13 views

Airship AI Acropolis security vulnerability

Airship AI Acropolis is a video and wear Blue Flag data management platform from Airship AI in the United States. A security vulnerability exists in Airship AI Acropolis versions prior to 10.2.35, prior to 11.0.21, and prior to 11.1.9, which stems from allowing unlimited attempts at MFA...

7.7 CVSS | 6.8 AI score | 0.00303 EPSS
Exploits 0 | References 2
OSV
added 2025/08/27 5:19 p.m. | 4 views

DRUPAL-CONTRIB-2025-101

This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...

6.5 CVSS | 6.9 AI score | 0.00355 EPSS
Exploits 0 | References 1