Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.
A flaw in Gliffy results in broken authentication through the reset functionality of the application.
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.  This vulnerability i
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with cra
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of serv
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate
CVE-2024-46442
CRITICAL CVSS 9.8
Find Similar
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.0.
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with t
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate u
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of servic
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malfo
CVE-2025-27456
CRITICAL CVSS 9.8
Find Similar
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-48187
CRITICAL CVSS 9.8
Find Similar
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and p
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user
Page 1+ Next →