6 matches found
EUVD-2026-26380
U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthoriz...
CVE-2026-36959
Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...
EUVD-2025-24570
Malicious code in bioql PyPI...
Brute Force
Overview soosyze/soosyze is a Soosyze CMS is a minimalist content management system in PHP, without database to create and manage your website easily. Affected versions of this package are vulnerable to Brute Force via the user/login endpoint due to the absence of rate-limiting and lockout...
CVE-2021-38474
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. Th...
CVE-2019-13166
Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks...