A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability i
A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduct
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing
U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication
The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of serv
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can ex
This vulnerability arises because there are no limitations on the number
of authentication attempts a user can make. An attacker can exploit
this weakness by continuously sending authentication requ
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, al
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting
Page 1+ Next →