Total
558 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35646 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 4.8 Medium |
| OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests. | ||||
| CVE-2025-26862 | 1 Pingidentity | 1 Pingfederate | 2026-04-15 | N/A |
| Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks. | ||||
| CVE-2024-51720 | 1 Blackberry | 1 Secusuite | 2026-04-15 | 4.8 Medium |
| An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. | ||||
| CVE-2025-64310 | 2 Epson, Seiko Epson Corporation | 2 Webconfig, Web Config | 2026-04-15 | 9.8 Critical |
| EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack. | ||||
| CVE-2025-2417 | 1 Akinsoft | 1 E-mutabakat | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.This issue affects e-Mutabakat: from 2.02.06 before v2.02.06. | ||||
| CVE-2025-10658 | 2 Supportcandy, Wordpress | 2 Supportcandy, Wordpress | 2026-04-15 | 6.5 Medium |
| The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers to bypass authentication and gain unauthorized access to customer support tickets by brute forcing the 6-digit OTP code. | ||||
| CVE-2025-2415 | 1 Akinsoft | 1 Myrezzta | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2023-44235 | 2 Devnath Verma, Wordpress | 2 Wp Captcha, Wordpress | 2026-04-15 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0. | ||||
| CVE-2025-2416 | 1 Akinsoft | 1 Limondesk | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17. | ||||
| CVE-2025-0417 | 1 Valmet | 1 Dna | 2026-04-15 | N/A |
| Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations. | ||||
| CVE-2024-9928 | 1 Hitachienergy | 1 Nsd570 Firmware | 2026-04-15 | 5.3 Medium |
| A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. | ||||
| CVE-2024-32676 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0. | ||||
| CVE-2024-32720 | 2026-04-15 | 5.3 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56. | ||||
| CVE-2025-10161 | 1 Turkguven | 1 Perfektive | 2026-04-15 | 7.3 High |
| Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue affects Perfektive: before Version: 12574 Build: 2701. | ||||
| CVE-2024-11126 | 2026-04-15 | 3.1 Low | ||
| A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12896 | 1 Solidigm | 6 D5 P5316 Firmware, D5 P5336 Firmware, D5 P5430 Firmware and 3 more | 2026-04-15 | 4.4 Medium |
| Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device. | ||||
| CVE-2025-2411 | 1 Akinsoft | 1 Taskpano | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06. | ||||
| CVE-2024-41276 | 1 Kaiten | 1 Kaiten | 2026-04-15 | 9.8 Critical |
| A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application. | ||||
| CVE-2025-10761 | 1 Harness | 1 Harness | 2026-04-15 | 3.7 Low |
| A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-32251 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 3.7 Low |
| A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms. | ||||