Lucene search
K

20 matches found

RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.5 views

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

8.1CVSS7.2AI score0.00817EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40586

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS5.5AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34023

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 10:30 p.m.9 views

Kimai: Username enumeration via timing on X-AUTH-USER

Details src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher argon2id when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...

5.8AI score
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.96 views

📄 WBCE CMS 1.6.4 Brute Force

WBCE CMS versions 1.6.4 suffers from a brute force protection bypass vulnerability. CVE-2025-66204: WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66204 | | Severity | MEDIUM | | Advisory | View Advisory | |...

8.1CVSS5.8AI score0.00417EPSS
Exploits2
OSV
OSV
added 2026/03/16 11:54 a.m.6 views

CVE-2025-69246 Lack of bruteforce protection in Raytha CMS

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

6.9CVSS6AI score0.0038EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33563

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS7AI score0.00794EPSS
Exploits1References1
NVD
NVD
added 2025/08/08 10:16 p.m.10 views

CVE-2025-8742

A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The...

6.3CVSS0.00581EPSS
Exploits1References4
OSV
OSV
added 2025/04/14 8:15 a.m.4 views

CVE-2025-3556

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...

8.1CVSS4.5AI score0.00872EPSS
Exploits1References4
Prion
Prion
added 2024/01/11 8:15 p.m.20 views

Design/Logic Flaw

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's TOTP inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks...

5.1CVSS7.1AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.7 views

PT-2024-15397 · Unknown · Devise-Two-Factor

Name of the Vulnerable Software and Affected Versions: Devise-Two-Factor affected versions not specified Description: The issue concerns Devise-Two-Factor not throttling or restricting login attempts at the server by default. When combined with the Time-based One Time Password algorithm's TOTP...

5CVSS7.3AI score
Exploits0References10
OSV
OSV
added 2021/06/01 9:38 p.m.28 views

GHSA-R37H-J483-CJJM Improper rate limiting in Koel

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS7.5AI score0.00794EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/06/01 9:38 p.m.53 views

Improper rate limiting in Koel

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS2.7AI score0.00794EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/05/24 11:15 p.m.30 views

CVE-2021-33563

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS0.00794EPSS
Exploits1References2
OSV
OSV
added 2021/05/24 11:15 p.m.17 views

CVE-2021-33563

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.5CVSS7AI score
Exploits0References2
Prion
Prion
added 2021/05/24 11:15 p.m.14 views

Default credentials

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

5CVSS7.6AI score0.00794EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/24 10:45 p.m.36 views

CVE-2021-33563

Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...

7.8AI score0.00794EPSS
Exploits1References2
CVE
CVE
added 2021/05/24 10:45 p.m.91 views

CVE-2021-33563

Koel prior to 5.1.4 is affected by an authentication weakness: no login throttling, no minimum password strength policy, and failure messages indicate whether a username is valid. Red Hat/CVE and OSV entries echo the same Description. Impact is described as facilitating brute-force attempts; no e...

7.5CVSS7.5AI score0.00794EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/11/16 7:29 a.m.3 views

CVE-2017-12316

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...

7.5CVSS5.8AI score0.02033EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/08/05 12:0 a.m.11 views

MediaWiki < 1.23.14 / 1.25.6 / 1.26.3 Multiple Vulnerabilities

Binary data 9475.prm...

7.3AI score
Exploits0References2
Rows per page
Query Builder