Total: 291 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-35039 | 1 Bedevious | 1 Password Reset With Code For Wordpress Rest Api | 2024-02-05 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. |
CVE-2023-6912 | 1 M-files | 1 M-files Server | 2024-02-05 | N/A | 9.8 CRITICAL | Lack of protection against brute-force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. |
CVE-2023-49278 | 1 Umbraco | 1 Umbraco Cms | 2024-02-05 | N/A | 5.3 MEDIUM | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute-force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. |
CVE-2023-50123 | 1 Hozard | 1 Alarm System | 2024-02-05 | N/A | 8.1 HIGH | The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute-force attack on the SMS authentication to bring the alarm system to a disarmed state. |
CVE-2023-6928 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL | EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks, allowing full control of the system to be gained. |
CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2024-02-05 | N/A | 9.8 CRITICAL | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute-force attack. |
CVE-2023-49443 | 1 Html-js | 1 Doracms | 2024-02-05 | N/A | 9.8 CRITICAL | DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a brute-force attack. |
CVE-2024-22317 | 1 Ibm | 1 App Connect Enterprise | 2024-02-05 | N/A | 9.1 CRITICAL | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. |
CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL | A client-side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute-force-style attacks. |
CVE-2023-32657 | 1 Weintek | 1 Weincloud | 2024-02-05 | N/A | 7.5 HIGH | Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute-force attack on credentials using authentication hints from error message responses. |
CVE-2023-29301 | 1 Adobe | 1 Coldfusion | 2024-02-05 | N/A | 7.5 HIGH | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction. |
CVE-2023-39958 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-05 | N/A | 5.3 MEDIUM | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute-force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. |
CVE-2023-3669 | 1 Codesys | 1 Development System | 2024-02-05 | N/A | 3.3 LOW | Missing brute-force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker unlimited attempts at guessing the password within an import dialog. |
CVE-2023-1665 | | | 2024-02-04 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0. |
CVE-2022-36413 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-04 | N/A | 9.1 CRITICAL | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. |
CVE-2023-29005 | 1 Flask-appbuilder Project | 1 Flask-appbuilder | 2024-02-04 | N/A | 7.5 HIGH | Flask-AppBuilder versions before 4.3.0 lack rate limiting, which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. |
CVE-2023-3173 | 1 Froxlor | 1 Froxlor | 2024-02-04 | N/A | 9.8 CRITICAL | Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. |
CVE-2023-28847 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | N/A | 7.5 HIGH | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5, as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5, an attacker is not restricted in verifying passwords of share links and can therefore brute-force the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available. |
CVE-2023-23755 | 1 Joomla | 1 Joomla! | 2024-02-04 | N/A | 7.5 HIGH | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute-force attacks against MFA methods. |
CVE-2023-32319 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | N/A | 6.5 MEDIUM | Nextcloud Server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the Basic auth header allowed brute-forcing of user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |