Total
349 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38176 | | | 2024-07-26 | N/A | 8.1 HIGH |
An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. | |||||
CVE-2024-28833 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 7.5 HIGH |
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | |||||
CVE-2024-39917 | | | 2024-07-12 | N/A | 7.2 HIGH |
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. | |||||
CVE-2024-39873 | | | 2024-07-09 | N/A | 7.5 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
CVE-2024-39874 | | | 2024-07-09 | N/A | 7.5 HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
CVE-2023-26756 | 1 Revive | 1 Adserver | 2024-07-05 | N/A | 7.5 HIGH |
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features. | |||||
CVE-2021-28248 | 1 Broadcom | 1 Ehealth | 2024-07-03 | 5.0 MEDIUM | 7.5 HIGH |
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-25031 | | | 2024-07-01 | N/A | 6.5 MEDIUM |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. | |||||
CVE-2024-5862 | | | 2024-06-24 | N/A | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: before 1.0.14. | |||||
CVE-2024-28022 | | | 2024-06-13 | N/A | 6.5 MEDIUM |
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. | |||||
CVE-2024-35747 | 1 Contact Form Builder Project | 1 Contact Form Builder | 2024-06-12 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7. | |||||
CVE-2023-23730 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass. This issue affects Spectra: from n/a through 2.3.0. | |||||
CVE-2023-34001 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n/a through 5.0.25. | |||||
CVE-2023-48290 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass. This issue affects Form Maker by 10Web: from n/a through 1.15.20. | |||||
CVE-2023-48745 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9. | |||||
CVE-2023-48318 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass. This issue affects Contact Form Email: from n/a through 1.3.41. | |||||
CVE-2023-45009 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass. This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3. | |||||
CVE-2023-44235 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass. This issue affects WP Captcha: from n/a through 2.0.0. | |||||
CVE-2023-48276 | | | 2024-06-04 | N/A | 5.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | |||||
CVE-2023-36434 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 9.8 CRITICAL |
Windows IIS Server Elevation of Privilege Vulnerability |