EUVD-2026-26380

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...

CVE-2026-36959

Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...

EUVD-2025-24570

Malicious code in bioql PyPI...

Brute Force

Overview soosyze/soosyze is a Soosyze CMS is a minimalist content management system in PHP, without database to create and manage your website easily. Affected versions of this package are vulnerable to Brute Force via the user/login endpoint due to the absence of rate-limiting and lockout...

CVE-2019-13166

Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks...