41 matches found
CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
An attacker with network access to the PLC is able to discover passwords by brute force to gain unauthorized access to systems and services. The limited password complexity and the lack of password input limiters make brute force password enumeration possible...
Jumo variTRON300 Security Feature Issue Vulnerability
Jumo variTRON300 is an automation system from China-based Jumo Automation Jumo. The Jumo variTRON300 suffers from a security signature issue vulnerability that stems from a flaw in the password generation algorithm, which could allow an unauthenticated, local attacker to obtain the password via...
EUVD-2019-8035
Malware in sbrugna...
EUVD-2005-2977
Malware in sbrugna...
EUVD-2006-0871
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE, an attacker with physical access to a user's machine may brute force the user's password via the change password function. Ther...
CVE-2025-54833
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-43863
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
SAP BusinessObjects Business Intelligence Platform Security Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...
CVE-2023-3243
UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...
CVE-2022-3031
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific...
CVE-2021-37934
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing...
MINTHCM Weak Password Requirement Vulnerability
MintHCM is an open source human resource management application. A weak password requirement vulnerability exists in the Create New User function in MintHCM RELEASE version 3.0.8, which can be exploited by an attacker to crack passwords by brute force...
CVE-2019-18235
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack...
CVE-2020-35586
In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters)...
CVE-2020-27585
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password...
Default credentials
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks...
CVE-2020-14484
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks...
CVE-2020-14484
OpenClinic GA is affected on versions 5.09.02 and 5.89.05b. The issue is an authentication flaw that bypasses account lockout protection, enabling brute-force password attempts. The ICS advisory confirms CVE-2020-14484 and links to multiple related vulnerabilities in the same product family. Impa...