Total: 486 CVEs

| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-12896 | | | 2025-11-07 | 4.4 Medium | Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain unauthorized access to a locked storage device. |
| CVE-2025-12547 | 1 Logicaldoc | 1 Logicaldoc | 2025-11-07 | 3.7 Low | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-60424 | 1 Nagios | 1 Fusion | 2025-11-05 | 7.6 High | A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a brute-force attack. |
| CVE-2014-5414 | 1 Beckhoff | 2 Embedded Pc Images, Twincat | 2025-11-05 | 9.1 Critical | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2023-49810 | 1 Wwbn | 1 Avideo | 2025-11-04 | 7.3 High | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. |
| CVE-2025-64102 | 1 Zitadel | 1 Zitadel | 2025-11-04 | 9.8 Critical | Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute-force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism, the mechanism is not enabled by default and can cause a denial of service for the corresponding user if enabled. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18. |
| CVE-2024-39917 | 1 Neutrinolabs | 1 Xrdp | 2025-11-03 | 7.2 High | xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. |
| CVE-2025-62257 | 1 Liferay | 2 Dxp, Portal | 2025-10-30 | N/A | Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack. |
| CVE-2025-26862 | 1 Pingidentity | 1 Pingfederate | 2025-10-30 | N/A | Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks. |
| CVE-2025-12310 | 1 Virtfusion | 1 Virtfusion | 2025-10-30 | 5.3 Medium | A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-10928 | 1 Drupal | 2 Access Code, Drupal | 2025-10-30 | 6.3 Medium | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5. |
| CVE-2025-56221 | 1 Ascertia | 1 Signinghub | 2025-10-27 | 9.8 Critical | A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack. |
| CVE-2025-56224 | 1 Ascertia | 1 Signinghub | 2025-10-27 | 8.1 High | A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a brute-force attack. |
| CVE-2025-62399 | 1 Moodle | 1 Moodle | 2025-10-27 | 7.5 High | Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. |
| CVE-2025-9551 | 1 Drupal | 1 Drupal | 2025-10-21 | 6.5 Medium | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0. |
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2025-10-14 | 8.1 High | An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. |
| CVE-2025-23368 | 1 Redhat | 10 Build Keycloak, Data Grid, Integration and 7 more | 2025-10-14 | 8.1 High | A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. |
| CVE-2025-11441 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 3.7 Low | A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue. |
| CVE-2025-58587 | | | 2025-10-06 | 6.5 Medium | The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials. |
| CVE-2025-49186 | | | 2025-10-06 | 5.3 Medium | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. |