128 matches found
YAMCS yamcs-core 5.12.7 - No Rate Limiting
Exploit Title: YAMCS yamcs-core 5.12.7 - No Rate Limiting Date: 2026-05-27 Exploit Author: Daniel Miranda Barcelona Excal1bur Vendor Homepage: https://yamcs.org Software Link: https://github.com/yamcs/yamcs Version: 5.12.7 Tested on: Linux CVE: CVE-2026-44596 Category: Remote / Brute Force...
CVE-2026-44611
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...
PT-2026-44931
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description Passwords are stored using a hashing method that restricts password length and is susceptible to brute force attacks, which is a trial-and-error method used to...
PT-2026-42475
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...
TEİAŞ Mobile Application 安全漏洞
TEİAŞ Mobile Application is a mobile application developed by the Turkish company TEİAŞ, which provides information and services related to power transmission operations. Versions of the TEİAŞ Mobile Application from 1.6.2 to 1.13 contained security vulnerabilities. These vulnerabilities were due...
Brute Force
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Brute Force due to the use of the checkBasicAuth function for checking credentials. An attacker can enumerate valid credentials by sending repeated authentication attempts without restriction, exploiting th...
PT-2026-40956
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
vulnerability-research
Vulnerability Research & Responsible Disclosure Shivam Paji...
PT-2026-34852
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...
Brute Force
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Brute Force via the getapivideopasswordiscorrect API endpoint, which allows unauthenticated users to verify passwords for protected videos without rate limiting or...
CVE-2026-22614
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...
CVE-2026-22614
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...
PT-2026-24202
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...
CVE-2026-30790
CVE-2026-30790 describes an authentication weakness in RustDesk Server Pro (through 1.7.5) and RustDesk Server (OSS) (through 1.1.15) where excessive login attempts are not properly restricted and the password hash computation uses SHA256(SHA256(pwd+salt)+challenge). The issue affects the peer au...
CVE-2026-27521
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials...
CVE-2003-1480
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods...
CVE-2022-35932
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
CVE-2020-10876
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
CVE-2023-49810
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a seri...
EUVD-2025-197999
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...