14 matches found
CVE-2026-2402
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...
CVE-2026-2402
Technical details about CVE-2026-2402 are not publicly provided in the supplied documents; no affected products, versions, root cause, or remediation information are specified. Monitor for updates.
CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2025-53968
CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...
PT-2026-4300
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The issue stems from a lack of restrictions on the number of authentication attempts. An attacker can exploit this by repeatedly sending authentication requests, potentially causing a denial-of-servi...
CVE-2025-11566
CVE-2025-11566 affects Schneider Electric PowerChute Serial Shutdown. The vulnerability stems from CWE-307: Improper Restriction of Excessive Authentication Attempts on the local network, enabling an attacker to gain access by performing arbitrary authentication attempts against the POST /REST/sh...
CVE-2025-35041
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...
The vulnerability of the Blitz Identity Provider software lies in its insufficient limitation on the number of authentication attempts. This allows a hacker to associate any arbitrary email address with a user account.
The vulnerability of the Blitz Identity Provider software is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to associate any email address with a user account...
The vulnerability of the “Project-SmartPRO” software lies in the lack of restrictions on the number of authentication attempts. This allows a perpetrator to carry out a brute-force attack.
The vulnerability of the “Project-SmartPRO” software is related to the absence of restrictions on the number of authentication attempts. Exploiting this vulnerability allows a remote attacker to carry out an attack using brute-force methods...
Stupid Simple CMS 安全漏洞
Stupid Simple CMS is a content management system by codelyfe individual developers. A security vulnerability exists in Stupid Simple CMS version 1.2.4, which stems from the lack of a limit on the number of authentication attempts...
M-Files Server Security Vulnerability
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 23.12.13205.0, which stems from a vulnerability that allows an attacker to make unlimited authentication attempts...
Online Shopping Portal 安全漏洞
Online Shopping Portal is an open source online shopping portal by the individual developer Anuj Kumar. A security vulnerability exists in version 1.0 of Online Shopping Portal, which stems from not limiting the number of authentication attempts...
The vulnerability of the FortiAuthenticator identification system lies in its insufficient limit on authentication attempts, allowing attackers to trigger a service denial.
The vulnerability of the FortiAuthenticator identification system is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending specially crafted HTTP requests...
Kirby 安全漏洞
Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby versions 3.5 prior to 3.5.8.2, 3.6 prior to 3.6.6.2, 3.7 prior to 3.7.5.1, and 3.8 prior to 3.8.1, which stems from a failure to limit the number of times authentication can be performed.Kirby is subject...