Lucene search
K

23 matches found

NVD
NVD
added 2026/04/14 4:16 p.m.3 views

CVE-2026-2402

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...

6.9CVSS0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 3:16 p.m.10 views

CVE-2026-2402

Technical details about CVE-2026-2402 are not publicly provided in the supplied documents; no affected products, versions, root cause, or remediation information are specified. Monitor for updates.

6.9CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Mobiliti 安全漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket API. This vulnerability could lead to...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.10 views

Everon 安全漏洞

Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...

8.7CVSS5.8AI score0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

EV2GO 安全漏洞

EV2GO is a electric vehicle charging facility management platform operated by the Russian company EV2GO. EV2GO has security vulnerabilities; these vulnerabilities stem from the lack of a limit on the number of authentication requests. This could allow attackers to carry out denial-of-service...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

CloudCharge 安全漏洞

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket Application Programming Interface. Thi...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:6 p.m.3 views

CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS6AI score0.00477EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.10 views

CVE-2025-53968

This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service DoS condition. This can overwhelm the authentication system,...

7.5CVSS5.6AI score0.00376EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 10:37 p.m.13 views

CVE-2025-53968

CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...

7.5CVSS5.6AI score0.00376EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4300

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The issue stems from a lack of restrictions on the number of authentication attempts. An attacker can exploit this by repeatedly sending authentication requests, potentially causing a denial-of-servi...

7.5CVSS5.4AI score0.00376EPSS
Exploits0References6
CVE
CVE
added 2025/11/12 1:26 p.m.14 views

CVE-2025-11566

CVE-2025-11566 affects Schneider Electric PowerChute Serial Shutdown. The vulnerability stems from CWE-307: Improper Restriction of Excessive Authentication Attempts on the local network, enabling an attacker to gain access by performing arbitrary authentication attempts against the POST /REST/sh...

6.9CVSS6.7AI score0.00503EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-59111

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00975EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 4:15 p.m.3 views

CVE-2025-35041

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...

7.7CVSS5.9AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2025/08/15 3:15 a.m.23 views

CVE-2025-9004

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...

9.1CVSS0.00895EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.4 views

The vulnerability of the Blitz Identity Provider software lies in its insufficient limitation on the number of authentication attempts. This allows a hacker to associate any arbitrary email address with a user account.

The vulnerability of the Blitz Identity Provider software is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to associate any email address with a user account...

5CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/12 12:0 a.m.11 views

The vulnerability of the “Project-SmartPRO” software lies in the lack of restrictions on the number of authentication attempts. This allows a perpetrator to carry out a brute-force attack.

The vulnerability of the “Project-SmartPRO” software is related to the absence of restrictions on the number of authentication attempts. Exploiting this vulnerability allows a remote attacker to carry out an attack using brute-force methods...

5.3CVSS5.5AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.5 views

Stupid Simple CMS 安全漏洞

Stupid Simple CMS is a content management system by codelyfe individual developers. A security vulnerability exists in Stupid Simple CMS version 1.2.4, which stems from the lack of a limit on the number of authentication attempts...

5.9CVSS5AI score0.01201EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/12/20 12:0 a.m.4 views

M-Files Server Security Vulnerability

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 23.12.13205.0, which stems from a vulnerability that allows an attacker to make unlimited authentication attempts...

9.8CVSS6.9AI score0.00975EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.4 views

Online Shopping Portal 安全漏洞

Online Shopping Portal is an open source online shopping portal by the individual developer Anuj Kumar. A security vulnerability exists in version 1.0 of Online Shopping Portal, which stems from not limiting the number of authentication attempts...

9.1CVSS7AI score0.00574EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/03/20 12:0 a.m.5 views

The vulnerability of the FortiAuthenticator identification system lies in its insufficient limit on authentication attempts, allowing attackers to trigger a service denial.

The vulnerability of the FortiAuthenticator identification system is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending specially crafted HTTP requests...

3.7CVSS5.9AI score0.01812EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder