Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49810 | 1 Wwbn | 1 Avideo | 2025-06-17 | 7.3 High |
| A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2025-6030 | 2025-06-16 | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | ||||
| CVE-2025-6029 | 2025-06-16 | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record will be updated once this is clarified. | ||||
| CVE-2025-43863 | 1 Vantage6 | 1 Vantage6 | 2025-06-16 | N/A |
| vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11. | ||||
| CVE-2025-49186 | 2025-06-13 | 5.3 Medium | ||
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-49195 | 2025-06-13 | 5.3 Medium | ||
| The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server. | ||||
| CVE-2025-48187 | 1 Infiniflow | 1 Ragflow | 2025-06-12 | 9.1 Critical |
| RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting. | ||||
| CVE-2023-45190 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-06-03 | 5.1 Medium |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | ||||
| CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2025-06-02 | 9.1 Critical |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. | ||||
| CVE-2024-24721 | 1 Innovaphone | 1 Innovaphone Pbx | 2025-05-30 | 6.5 Medium |
| An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel | ||||
| CVE-2023-33759 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-05-30 | 9.8 Critical |
| SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | ||||
| CVE-2022-33735 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | 6.5 Medium |
| There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. | ||||
| CVE-2025-48014 | 2025-05-21 | 7.5 High | ||
| Password guessing limits could be bypassed when using LDAP authentication. | ||||
| CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2025-05-20 | 6.5 Medium |
| A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | ||||
| CVE-2024-45404 | 1 Citeum | 1 Opencti | 2025-05-17 | 8.1 High |
| OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available. | ||||
| CVE-2022-33106 | 1 Wijungle | 2 U250, U250 Firmware | 2025-05-16 | 9.8 Critical |
| WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | ||||
| CVE-2024-42176 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 2.6 Low |
| HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information. | ||||
| CVE-2022-31228 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2025-05-15 | 8.1 High |
| Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | ||||
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2025-05-14 | 9.8 Critical |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | ||||
| CVE-2022-3031 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | ||||