Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this
CVE-2024-41276
CRITICAL CVSS 9.8
Find Similar
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or p
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
CVE-2025-46414
CRITICAL CVSS 9.2
Find Similar
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods i
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting
CVE-2025-1740
CRITICAL CVSS 9.8
Find Similar
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: fr
CVE-2024-38194
CRITICAL CVSS 9.9
Find Similar
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01.
CVE-2024-45790
CRITICAL CVSS 9.3
Find Similar
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnera
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of serv
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is a
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a
CVE-2021-22530
CRITICAL CVSS 9.9
Find Similar
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combine
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authentic