23 matches found
CVE-2026-2402
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...
CVE-2026-2402
Technical details about CVE-2026-2402 are not publicly provided in the supplied documents; no affected products, versions, root cause, or remediation information are specified. Monitor for updates.
Mobiliti 安全漏洞
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket API. This vulnerability could lead to...
Everon 安全漏洞
Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...
EV2GO 安全漏洞
EV2GO is a electric vehicle charging facility management platform operated by the Russian company EV2GO. EV2GO has security vulnerabilities; these vulnerabilities stem from the lack of a limit on the number of authentication requests. This could allow attackers to carry out denial-of-service...
CloudCharge 安全漏洞
CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket Application Programming Interface. Thi...
CVE-2026-20792 Chargemap chargemap.com Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2025-53968
This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service DoS condition. This can overwhelm the authentication system,...
CVE-2025-53968
CVE-2025-53968 involves unlimited authentication attempts allowing DoS and brute-force access. Connected sources describe an unauthenticated WebSocket endpoint and potential multiple concurrent connections using the same charging station ID, enabling DoS or data/session inconsistencies. Remediati...
PT-2026-4300
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The issue stems from a lack of restrictions on the number of authentication attempts. An attacker can exploit this by repeatedly sending authentication requests, potentially causing a denial-of-servi...
CVE-2025-11566
CVE-2025-11566 affects Schneider Electric PowerChute Serial Shutdown. The vulnerability stems from CWE-307: Improper Restriction of Excessive Authentication Attempts on the local network, enabling an attacker to gain access by performing arbitrary authentication attempts against the POST /REST/sh...
EUVD-2023-59111
Malicious code in bioql PyPI...
CVE-2025-35041
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9...
CVE-2025-9004
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. T...
The vulnerability of the Blitz Identity Provider software lies in its insufficient limitation on the number of authentication attempts. This allows a hacker to associate any arbitrary email address with a user account.
The vulnerability of the Blitz Identity Provider software is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to associate any email address with a user account...
The vulnerability of the “Project-SmartPRO” software lies in the lack of restrictions on the number of authentication attempts. This allows a perpetrator to carry out a brute-force attack.
The vulnerability of the “Project-SmartPRO” software is related to the absence of restrictions on the number of authentication attempts. Exploiting this vulnerability allows a remote attacker to carry out an attack using brute-force methods...
Stupid Simple CMS 安全漏洞
Stupid Simple CMS is a content management system by codelyfe individual developers. A security vulnerability exists in Stupid Simple CMS version 1.2.4, which stems from the lack of a limit on the number of authentication attempts...
M-Files Server Security Vulnerability
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 23.12.13205.0, which stems from a vulnerability that allows an attacker to make unlimited authentication attempts...
Online Shopping Portal 安全漏洞
Online Shopping Portal is an open source online shopping portal by the individual developer Anuj Kumar. A security vulnerability exists in version 1.0 of Online Shopping Portal, which stems from not limiting the number of authentication attempts...
The vulnerability of the FortiAuthenticator identification system lies in its insufficient limit on authentication attempts, allowing attackers to trigger a service denial.
The vulnerability of the FortiAuthenticator identification system is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending specially crafted HTTP requests...