10 matches found
CVE-2026-33580
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting...
CVE-2021-0889
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2023-51301
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2024-57603
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting...
CVE-2024-57603
CVE-2024-57603 affects MaysWind ezBookkeeping 0.7.0 and describes privilege escalation via lack of rate limiting. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) yields a base score of 6.3 (MEDIUM) with network attack vector, low confidentiality/integrity/availability impact, and low pr...
CVE-2024-4311
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...
U.S. Dept Of Defense: Lack of rate limiting in https://âââ/PKI/PassReset.aspx leads to PII disclosure and potential account takeover
The password reset functionality of AFPC Secure allowed users to provide their Social Security Account Number SSAN and Mother's Maiden Name to reset their password. The issue was that the system informed the user if the SSAN was associated with an active PKI credential, leading to potential...
CVE-2020-22785
Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...
Yelp: Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Summary: Hello everyone, The feature to invite users to manage your business has no rate limiting or captcha implemented. Therefore, a malicious user can use this to mail bomb any email's inbox with invitation requests. Platforms Affected: biz.yelp.com Steps To Reproduce: This is a pretty straigh...