Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35697 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. | ||||
| CVE-2023-35039 | 1 Bedevious | 1 Password Reset With Code For Wordpress Rest Api | 2024-11-21 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. | ||||
| CVE-2023-34001 | 2024-11-21 | 5.3 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25. | ||||
| CVE-2023-33868 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 5.9 Medium |
| The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. | ||||
| CVE-2023-33759 | 1 Splicecom | 1 Maximiser Soft Pbx | 2024-11-21 | 9.8 Critical |
| SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | ||||
| CVE-2023-32657 | 1 Weintek | 1 Weincloud | 2024-11-21 | 5.3 Medium |
| Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. | ||||
| CVE-2023-27172 | 1 Xpand-it | 1 Write-back Manager | 2024-11-21 | 9.1 Critical |
| Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | ||||
| CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.8 Critical |
| DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | ||||
| CVE-2023-26756 | 1 Revive | 1 Adserver | 2024-11-21 | 7.5 High |
| The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features. | ||||
| CVE-2023-26271 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. | ||||
| CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-11-21 | 9.8 Critical |
| A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | ||||
| CVE-2022-45790 | 1 Omron | 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more | 2024-11-21 | 8.6 High |
| The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | ||||
| CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 5.3 Medium |
| PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | ||||
| CVE-2022-44022 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 5.3 Medium |
| PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. | ||||
| CVE-2022-43947 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. | ||||
| CVE-2022-43904 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 High |
| IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. | ||||
| CVE-2022-42478 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 8.1 High |
| An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. | ||||
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2024-11-21 | 9.8 Critical |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | ||||