Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-49792 Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.
network
low complexity
nextcloud CWE-307
critical
9.8
2023-12-20 CVE-2023-6912 Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
network
low complexity
m-files CWE-307
critical
9.8
2023-12-20 CVE-2023-27172 Improper Restriction of Excessive Authentication Attempts vulnerability in Xpand-It Write-Back Manager 2.3.1
Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens.
network
low complexity
xpand-it CWE-307
critical
9.1
2023-12-19 CVE-2023-6928 Improper Restriction of Excessive Authentication Attempts vulnerability in Eurotel Etl3100 Firmware 01C01/01X37
EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.
network
low complexity
eurotel CWE-307
critical
9.8
2023-12-18 CVE-2023-6272 Improper Restriction of Excessive Authentication Attempts vulnerability in Thememylogin 2FA
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
network
low complexity
thememylogin CWE-307
critical
9.8
2023-12-13 CVE-2023-50444 Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
network
low complexity
primx CWE-307
7.5
2023-12-13 CVE-2023-6756 Improper Restriction of Excessive Authentication Attempts vulnerability in Thecosy Icecms 2.0.1
A vulnerability was found in Thecosy IceCMS 2.0.1.
network
low complexity
thecosy CWE-307
critical
9.8
2023-12-12 CVE-2023-49278 Improper Restriction of Excessive Authentication Attempts vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-307
5.3
2023-12-08 CVE-2023-49443 Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords.
network
low complexity
html-js CWE-307
critical
9.8
2023-12-07 CVE-2023-35039 Improper Restriction of Excessive Authentication Attempts vulnerability in Bedevious Password Reset With Code for Wordpress Rest API
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
network
low complexity
bedevious CWE-307
critical
9.8