12 matches found
EUVD-2026-32036
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...
CVE-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...
PT-2026-22254
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker t...
EUVD-2020-29100
Malware in sbrugna...
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...
GHSA-VQ9X-W82R-RHMC Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to...
CVE-2019-6120
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...
GO-2025-3466 Missing rate limit in MaysWind ezBookkeeping in github.com/mayswind/ezbookkeeping
Missing rate limit in MaysWind ezBookkeeping in github.com/mayswind/ezbookkeeping...
Showmax: lack of rate limit on athentification login page & forgot password page
We received a report about missing rate-limiting functionality that is explicitly mentioned as out-of-scope of our security program. Since migrating our backends to AWS, we have no proper rate-limiting functionality in place. Due to complexity of our infra stack, we cannot use the standard WAF...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A denial of service vulnerability exists in Mozilla Firefox versions prior to 83. The vulnerability stems from the program not rate limiting API calls. An attacker could exploit this vulnerability to...
CVE-2020-8228
CVE-2020-8228 describes a missing rate limit on the signup page in the Nextcloud Preferred Providers app (version 1.7.0), allowing an attacker to repeatedly set the password. The OpenSUSE security advisory (NC-SA-2020-033) and related OSS notes confirm this CVE and indicate it was addressed in th...
Design/Logic Flaw
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...