Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54860 | 1 Cognex | 2 In-sight Camera Firmware, In Sight Explorer | 2025-09-19 | 7.7 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and device reboot requiring an authentication. A wrong management of login failures of the service allows a denial-of-service attack, leaving the telnet service into an unreachable state. | ||||
| CVE-2024-24721 | 1 Innovaphone | 1 Innovaphone Pbx | 2025-09-18 | 6.5 Medium |
| An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel | ||||
| CVE-2025-43863 | 1 Vantage6 | 1 Vantage6 | 2025-09-17 | 9.8 Critical |
| vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11. | ||||
| CVE-2025-54833 | 1 Opexus | 1 Foiaxpress Public Access Link | 2025-09-12 | 5.3 Medium |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords. | ||||
| CVE-2025-36758 | 1 Solax | 1 Solax Cloud | 2025-09-12 | N/A |
| It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle. | ||||
| CVE-2024-51720 | 1 Blackberry | 1 Secusuite | 2025-09-11 | 4.8 Medium |
| An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. | ||||
| CVE-2025-57815 | 1 Ethyca | 1 Fides | 2025-09-10 | 6.5 Medium |
| Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or password spraying, which poses a risk to accounts with weak or previously compromised passwords. Version 2.69.1 fixes the issue. For organizations with commercial Fides Enterprise licenses, configuring Single Sign-On (SSO) through an OIDC provider (like Azure, Google, or Okta) is an effective workaround. When OIDC SSO is enabled, username/password authentication can be disabled entirely, which eliminates this attack vector. This functionality is not available for Fides Open Source users. | ||||
| CVE-2025-2411 | 1 Akinsoft | 1 Taskpano | 2025-09-04 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06. | ||||
| CVE-2025-2417 | 1 Akinsoft | 1 E-mutabakat | 2025-09-04 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.This issue affects e-Mutabakat: from 2.02.06 before v2.02.06. | ||||
| CVE-2025-2416 | 1 Akinsoft | 1 Limondesk | 2025-09-04 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17. | ||||
| CVE-2025-1740 | 1 Akinsoft | 1 Myrezzta | 2025-09-04 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2025-2415 | 1 Akinsoft | 1 Myrezzta | 2025-09-04 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2025-2412 | 1 Akinsoft | 1 Qr Menu | 2025-09-03 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12. | ||||
| CVE-2025-2414 | 1 Akinsoft | 1 Octocloud | 2025-09-03 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.This issue affects OctoCloud: from s1.09.03 before v1.11.01. | ||||
| CVE-2025-2413 | 1 Akinsoft | 1 Prokuafor | 2025-09-03 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08. | ||||
| CVE-2025-8742 | 1 Macrozheng | 1 Mall | 2025-09-02 | 3.7 Low |
| A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3129 | 1 Access Code Project | 1 Access Code | 2025-09-02 | 4.8 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4. | ||||
| CVE-2024-51476 | 2 Ibm, Linux | 3 Concert, Concert Software, Linux Kernel | 2025-09-01 | 7.5 High |
| IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 7.5 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | ||||
| CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 7.5 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | ||||