CWE-307: CWE-307
All CWE-307 CVEs (178)
Grandstream UCM6510 PBX systems running firmware v1.0.20.52 and earlier lack rate limiting on authentication attempts, allowing attackers to brute for...
Jul 29, 2025

This vulnerability allows attackers to perform password brute-forcing attacks against BG-TEK Coslat Hotspot systems due to insufficient rate limiting ...
Mar 20, 2025

Dell RecoverPoint for Virtual Machines 6.0.x has an authentication rate limiting vulnerability that allows attackers to perform brute-force or diction...
Dec 13, 2024

This vulnerability allows attackers to perform unlimited authentication attempts against the Yordam Library Automation System login interface, potenti...
Sep 18, 2024

File Browser versions before 2.34.1 lack password policy enforcement and brute-force protection, allowing attackers to guess passwords through repeate...
Jun 30, 2025

OpenBao's MFA system in versions 2.3.1 and below has a TOTP code validation flaw where whitespace in codes bypasses rate limiting, allowing attackers ...
Aug 9, 2025

This vulnerability allows attackers to bypass multi-factor authentication (MFA) rate limiting and reuse TOTP tokens in HashiCorp Vault, potentially en...
Aug 1, 2025

Soosyze CMS 2.0 has a brute-force vulnerability that allows attackers to make unlimited login attempts without rate limiting or account lockout. This ...
Aug 13, 2025

This vulnerability in Flytxt NEON-dX allows attackers to perform brute force attacks against the change password function by exploiting the userId par...
May 12, 2025

This vulnerability in VirtFusion allows attackers to bypass rate limiting on email change authentication attempts, potentially enabling brute-force at...
Oct 27, 2025

This vulnerability allows attackers to bypass CAPTCHA protection and perform unlimited password brute-force attempts against the Real Estate Manager W...
Feb 18, 2025

A JSON injection vulnerability in the anything-llm application allows attackers to perform brute force attacks against the login system without knowin...
Jun 6, 2024

This vulnerability allows attackers to bypass CAPTCHA protection in WebFactory Ltd's Captcha Code WordPress plugin by making excessive authentication ...
Jun 4, 2024

This vulnerability allows attackers to bypass the CAPTCHA protection in the WP Forms Puzzle Captcha WordPress plugin by making excessive authenticatio...
Jun 4, 2024

This vulnerability allows attackers to bypass CAPTCHA protection in the Form Maker by 10Web WordPress plugin by making excessive authentication attemp...
Jun 4, 2024

This vulnerability allows attackers to bypass CAPTCHA protection in the Contact Form 7 plugin for WordPress by exploiting improper rate limiting on au...
Jun 4, 2024

This vulnerability allows attackers to bypass CAPTCHA protection in the WP Captcha WordPress plugin by making excessive authentication attempts withou...
Jun 4, 2024

This vulnerability allows attackers to bypass CAPTCHA protection in the Appointment Hour Booking WordPress plugin through excessive authentication att...
May 17, 2024

The LuCI web interface on GL.Inet AX1800 routers lacks rate limiting or account lockout mechanisms on the authentication endpoint, allowing unauthenti...
Jan 8, 2026

Weblate versions before 5.12 lack rate limiting on second-factor authentication endpoints, allowing attackers with valid credentials to automate OTP g...
Jun 16, 2025

This vulnerability allows attackers to perform brute force attacks against Drupal Access code authentication mechanisms due to insufficient rate limit...
Apr 2, 2025

An insufficient entropy vulnerability in SecuSUITE Secure Client Authentication Server allows attackers to potentially enroll attacker-controlled devi...
Nov 12, 2024

This vulnerability in Solidigm DC Products firmware allows attackers with local or physical access to bypass storage device security locks. It affects...
Nov 7, 2025

This vulnerability allows attackers to perform unlimited authentication attempts against the SwiftBuy login page, potentially enabling brute-force att...
Feb 7, 2026

This vulnerability in D-Link DIR-823X routers allows attackers to bypass authentication attempt limits, potentially enabling brute-force attacks on lo...
Jan 30, 2026

This vulnerability in Beetel 777VR1 routers allows attackers to bypass authentication rate limiting via the UART interface, potentially gaining unauth...
Jan 26, 2026

This vulnerability allows attackers to brute-force two-factor authentication (2FA) codes without rate limiting or account lockout. An attacker who has...
Dec 8, 2025

This vulnerability allows attackers on the local network to brute-force authentication on the /REST/shutdownnow endpoint, potentially gaining unauthor...
Nov 12, 2025

About CWE-307 (CWE-307)
Our database tracks 178 CVEs classified as CWE-307, with 69 rated critical and 73 rated high severity. The average CVSS score for CWE-307 vulnerabilities is 8.1.