CVE-2025-67090
The LuCI web interface on GL.Inet AX1800 versions 4.6.4 and 4.6.8 is vulnerable. A fix is available in version 4.8.2. GL.Inet AX1800 versions 4.6.4 and 4.6.8 lack rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...
CVE-2025-66204
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...
PT-2025-49680
Name of the Vulnerable Software and Affected Versions: WBCE CMS versions prior to 1.6.5. Description: WBCE CMS is a content management system susceptible to a brute-force protection bypass. An attacker can reset the attempt counter by manipulating the X-Forwarded-For header with each request, enabli...
BIT-MOODLE-2025-62399 Moodle: password brute force risk when mobile/web services enabled
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
UBUNTU-CVE-2025-62399
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
EUVD-2025-35668
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
EUVD-2020-29100
Malware in sbrugna...
EUVD-1999-1212
Malware in sbrugna...
Mars: No Rate Limiting on Password Attempts After Insecure Registration Flow cause ATO
An authentication vulnerability was identified that lacked rate limiting controls on password attempts. The flaw allowed unlimited brute force attacks against user accounts without triggering security measures. Attackers could perform consecutive password attempts and distinguish successful...
CVE-2022-39228
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...
CVE-2009-5129
The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password...
The vulnerability of the FortiOS operating system in the FortiGate 200F network firewall allows an attacker to execute a brute-force attack.
The vulnerability of the FortiOS operating system for the FortiGate 200F network firewall is related to the absence of mechanisms for controlling the number of password input attempts. Exploiting this vulnerability allows a malicious actor to carry out an attack using brute-force methods...
CVE-2024-28022
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...
PYSEC-2023-313
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...
SUSE CVE-2020-8228
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...
GHSA-9G3V-V24Q-JJ5P rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts...
CVE-2021-36285
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack...
The vulnerability of the TrueConf software lies in its lack of mechanisms to limit the number of authentication attempts. This allows a violator to lock out a user’s account.
The vulnerability of the TrueConf software is related to deficiencies in the mechanism for limiting the number of authentication attempts. Exploiting this vulnerability could allow a malicious actor to lock out a user’s account by attempting more than 10 unsuccessful password entries...