Total
375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35747 | 1 Contact Form Builder Project | 1 Contact Form Builder | 2024-06-12 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | |||||
| CVE-2023-48276 | 2024-06-04 | N/A | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | |||||
| CVE-2023-45009 | 2024-06-04 | N/A | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3. | |||||
| CVE-2023-44235 | 2024-06-04 | N/A | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0. | |||||
| CVE-2023-48745 | 2024-06-04 | N/A | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9. | |||||
| CVE-2023-21709 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-32676 | 2024-05-17 | N/A | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0. | |||||
| CVE-2023-6756 | 1 Thecosy | 1 Icecms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. | |||||
| CVE-2023-3605 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-05-17 | N/A | 9.1 CRITICAL |
| A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467. | |||||
| CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2024-05-02 | N/A | 5.3 MEDIUM |
| PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | |||||
| CVE-2021-1311 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-04-11 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting. | |||||
| CVE-2024-2051 | 2024-03-18 | N/A | N/A | ||
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. | |||||
| CVE-2023-40834 | 1 Opencart | 1 Opencart | 2024-03-08 | N/A | 9.8 CRITICAL |
| OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter. | |||||
| CVE-2023-4625 | 1 Mitsubishielectric | 126 Fx5s-30mr\/es, Fx5s-30mr\/es Firmware, Fx5s-30mt\/es and 123 more | 2024-02-15 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | |||||
| CVE-2023-45191 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2024-02-15 | N/A | 7.5 HIGH |
| IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | |||||
| CVE-2017-16900 | 1 Hunesion | 1 I-onenet | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | |||||
| CVE-2019-0039 | 1 Juniper | 1 Junos | 2024-02-09 | 4.3 MEDIUM | 8.1 HIGH |
| If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1. | |||||
| CVE-1999-1324 | 1 Hp | 1 Openvms Vax | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. | |||||
| CVE-2001-1339 | 1 Anybus | 2 Ipc\@chip, Ipc\@chip Firmware | 2024-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-1999-1152 | 1 Compaq | 2 Microcom 6000, Microcom 6000 Firmware | 2024-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | |||||