Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK

2023-12-18 CVE-2023-6272 Improper Restriction of Excessive Authentication Attempts vulnerability in Thememylogin 2FA
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
network, low complexity, thememylogin, CWE-307, critical, 9.8

2023-12-13 CVE-2023-50444 Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
network, low complexity, primx, CWE-307, 7.5

2023-12-13 CVE-2023-6756 Improper Restriction of Excessive Authentication Attempts vulnerability in Thecosy Icecms 2.0.1
A vulnerability was found in Thecosy IceCMS 2.0.1.
network, low complexity, thecosy, CWE-307, critical, 9.8

2023-12-12 CVE-2023-49278 Improper Restriction of Excessive Authentication Attempts vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network, low complexity, umbraco, CWE-307, 5.3

2023-12-08 CVE-2023-49443 Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords.
network, low complexity, html-js, CWE-307, critical, 9.8

2023-12-07 CVE-2023-35039 Improper Restriction of Excessive Authentication Attempts vulnerability in Bedevious Password Reset With Code for Wordpress Rest API
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
network, low complexity, bedevious, CWE-307, critical, 9.8

2023-12-04 CVE-2023-24051 Improper Restriction of Excessive Authentication Attempts vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.
network, low complexity, connectize, CWE-307, critical, 9.8

2023-11-18 CVE-2023-48028 Improper Restriction of Excessive Authentication Attempts vulnerability in Kodcloud Kodbox 1.46.01
kodbox 1.46.01 has a security flaw that enables user enumeration.
network, low complexity, kodcloud, CWE-307, critical, 9.8

2023-11-17 CVE-2023-46745 Improper Restriction of Excessive Authentication Attempts vulnerability in Librenms
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems.
network, low complexity, librenms, CWE-307, 7.5

2023-11-14 CVE-2023-45582 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.
network, low complexity, fortinet, CWE-307, 7.3