Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (603 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16900 | 1 Hunesion | 1 I-onenet | 2024-11-21 | 5.5 Medium |
| Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | ||||
| CVE-2015-20110 | 1 Jhipster | 1 Jhipster | 2024-11-21 | 7.5 High |
| JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | ||||
| CVE-2014-2875 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
| The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID. | ||||
| CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2024-11-21 | 9.8 Critical |
| The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | ||||
| CVE-2013-2257 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness | ||||
| CVE-2013-2228 | 1 Saltstack | 1 Saltstack | 2024-11-21 | 8.1 High |
| SaltStack RSA Key Generation allows remote users to decrypt communications | ||||
| CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2024-11-21 | 7.5 High |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | ||||
| CVE-2009-5140 | 1 Linksys | 2 Spa2102, Spa2102 Firmware | 2024-11-21 | 8.8 High |
| The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | ||||
| CVE-2024-0787 | 1 Phpipam | 1 Phpipam | 2024-11-19 | 5.3 Medium |
| phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0. | ||||
| CVE-2024-51558 | 2 63moons, Brokeragetechnologysolutions | 3 Aero, Wave 2.0, Wave 2.0 | 2024-11-08 | 9.8 Critical |
| This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain unauthorized access and compromise other user accounts. | ||||
| CVE-2024-47656 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 9.8 Critical |
| This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user accounts. | ||||
| CVE-2024-7292 | 2 Progress, Progress Software | 2 Telerik Report Server, Telerik Report Server | 2024-10-16 | 7.5 High |
| In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | ||||
| CVE-2024-47088 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 9.8 Critical |
| This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts. | ||||
| CVE-2024-32771 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-20 | 2.6 Low |
| An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later | ||||
| CVE-2024-45790 | 1 Reedos | 1 Aim-star | 2024-09-18 | 9.8 Critical |
| This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. | ||||
| CVE-2021-22530 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 8.2 High |
| A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 | ||||
| CVE-2024-45589 | 1 Identityautomation | 3 Rapididentity, Rapididentity Cloud, Rapididentity Lts | 2024-09-12 | 6.5 Medium |
| RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. | ||||
| CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-39225 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-08-15 | 9.8 Critical |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | ||||