Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-8429 Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5.
network
low complexity
CWE-307
4.3
2024-11-04 CVE-2024-51558 Improper Restriction of Excessive Authentication Attempts vulnerability in 63Moons Aero and Wave 2.0
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login.
network
low complexity
63moons CWE-307
critical
9.8
2024-10-09 CVE-2024-7292 Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
network
low complexity
progress CWE-307
8.8
2024-10-04 CVE-2024-47656 Improper Restriction of Excessive Authentication Attempts vulnerability in Shilpisoft Client Dashboard
This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login.
network
low complexity
shilpisoft CWE-307
critical
9.8
2024-09-19 CVE-2024-47088 Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login.
network
low complexity
apexsoftcell CWE-307
critical
9.8
2024-09-11 CVE-2024-45790 Improper Restriction of Excessive Authentication Attempts vulnerability in Reedos Aim-Star 2.0.1
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login.
network
low complexity
reedos CWE-307
critical
9.8
2024-09-06 CVE-2024-32771 Improper Restriction of Excessive Authentication Attempts vulnerability in Qnap QTS and Quts Hero
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions.
low complexity
qnap CWE-307
2.4
2024-09-05 CVE-2024-45589 Improper Restriction of Excessive Authentication Attempts vulnerability in Identityautomation Rapididentity
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.
network
high complexity
identityautomation CWE-307
5.9
2024-08-28 CVE-2021-22530 Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login.
network
low complexity
microfocus CWE-307
critical
9.9
2024-08-16 CVE-2024-43042 Improper Restriction of Excessive Authentication Attempts vulnerability in Pluck-Cms Pluck 4.7.18
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
network
low complexity
pluck-cms CWE-307
critical
9.8