18 matches found
CLSA-2026-1778022490 dovecot: Fix of CVE-2026-27857
CVE-2026-27857: limit number of open IMAP parser lists in imap-login to prevent excessive memory usage DoS via deeply-nested parentheses...
PT-2026-34852
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device...
CVE-2026-0972
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2026-0972
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
CVE-2025-14362
Fortra GoAnywhere MFT SFTP service (before version 7.10.0) does not enforce login rate limiting for Web Users configured to authenticate with SSH keys, enabling brute-force attempts against the SSH key. Affected component: GoAnywhere MFT SFTP login mechanism. Root cause: absence of login limit en...
CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
EUVD-2025-209421
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-64422
CVE-2025-64422 affects Coolify 4.0.0-beta.434 and later. The /login endpoint advertises a rate limit of 5 requests but can be bypassed by rotating the X-Forwarded-For header, enabling unlimited credential stuffing and brute-force attempts against user and admin accounts. The available connected s...
EUVD-2024-54173
Malicious code in bioql PyPI...
CVE-2025-9004
CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...
CVE-2024-13685
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10...
CVE-2024-13685
CVE-2024-13685 affects the Admin and Site Enhancements (ASE) WordPress plugin prior to 7.6.10. The vulnerability arises because ASE retrieves client IP addresses from potentially untrusted headers, enabling an attacker to spoof the IP value and bypass the plugin’s login-limit protection. The issu...
CVE-2024-13685 Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10...
Instainsane - Multi-threaded Instagram Brute Forcer
Instainsane is a shell script that performs multi-threaded brute-force attacks against Instagram. The script can bypass login limiting and can test an infinite number of passwords at a rate of about 1000 passwords/min with 100 attempts at once. Legal disclaimer: Usage of InstaInsane for attacking...
Cisco Identity Services Engine Restriction Bypass Vulnerability
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A limit bypass vulnerability...
Foscam camera lacks multiple login restriction vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video storage in Baidu cloud directly over Wi-Fi. Foscam camera lacks a restriction on multiple login attempts, which can be exploited by an attacker to perform a brute-force attack on login credentials since the software...
PT-1999-1646 · Dec · Openvms
Name of the Vulnerable Software and Affected Versions: Open VMS versions 5.3 through 5.5-2. Description: The issue allows attackers to conduct brute force password guessing due to improper disabling of access to user accounts that exceed the break-in limit threshold for failed login attempts. This...