Vulnerabilities (CVE)

Filtered by CWE-307
Total 413 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6912 1 M-files 1 M-files Server 2024-11-21 N/A 7.5 HIGH
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
CVE-2023-6756 1 Thecosy 1 Icecms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884.
CVE-2023-6272 1 Thememylogin 1 2fa 2024-11-21 N/A 9.8 CRITICAL
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
CVE-2023-5754 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2024-11-21 N/A 9.1 CRITICAL
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
CVE-2023-50444 1 Primx 3 Zed\!, Zedmail, Zonecentral 2024-11-21 N/A 7.5 HIGH
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
CVE-2023-50326 1 Ibm 1 Powersc 2024-11-21 N/A 7.5 HIGH
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.
CVE-2023-4625 1 Mitsubishielectric 126 Fx5s-30mr\/es, Fx5s-30mr\/es Firmware, Fx5s-30mt\/es and 123 more 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.
CVE-2023-49810 1 Wwbn 1 Avideo 2024-11-21 N/A 7.3 HIGH
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2023-49792 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 5.3 MEDIUM
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
CVE-2023-49443 1 Html-js 1 Doracms 2024-11-21 N/A 9.8 CRITICAL
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.
CVE-2023-49278 1 Umbraco 1 Umbraco Cms 2024-11-21 N/A 5.3 MEDIUM
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
CVE-2023-48745 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.
CVE-2023-48318 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
CVE-2023-48290 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20.
CVE-2023-48276 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.
CVE-2023-48028 1 Kodcloud 1 Kodbox 2024-11-21 N/A 9.8 CRITICAL
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.
CVE-2023-45191 1 Ibm 1 Engineering Lifecycle Optimization 2024-11-21 N/A 7.5 HIGH
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.
CVE-2023-45149 1 Nextcloud 1 Talk 2024-11-21 N/A 4.3 MEDIUM
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.
CVE-2023-45148 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 4.3 MEDIUM
Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.
CVE-2023-45009 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3.