Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-07 | CVE-2025-20196 | A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of HTTP requests. | network, low complexity, CWE-307, 5.3 |
| 2025-05-02 | CVE-2025-3709 | Improper Restriction of Excessive Authentication Attempts vulnerability in Flowring Agentflow 4.0. Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. | network, low complexity, flowring, CWE-307, critical, 9.8 |
| 2025-03-20 | CVE-2025-1496 | Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227. | network, low complexity, CWE-307, 6.5 |
| 2025-03-06 | CVE-2024-51476 | IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | network, low complexity, CWE-307, 7.5 |
| 2025-03-04 | CVE-2025-23368 | A flaw was found in Wildfly Elytron integration. | network, high complexity, CWE-307, 8.1 |
| 2024-12-17 | CVE-2024-8429 | Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. | network, low complexity, CWE-307, 4.3 |
| 2024-12-13 | CVE-2024-38488 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Recoverpoint for Virtual Machines 6.0. Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. | network, low complexity, dell, CWE-307, critical, 9.8 |
| 2024-11-26 | CVE-2024-49597 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Wyse Management Suite. Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. | network, low complexity, dell, CWE-307, 7.2 |
| 2024-11-04 | CVE-2024-51558 | Improper Restriction of Excessive Authentication Attempts vulnerability in 63Moons Aero and Wave 2.0. This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. | network, low complexity, 63moons, CWE-307, critical, 9.8 |
| 2024-10-09 | CVE-2024-7292 | Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server. In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | network, low complexity, progress, CWE-307, 8.8 |