brute force vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing malicious users to bypass authentication via a brute force attack.
Splicecom Maximiser Soft Pbx
1 Github repository
9.8
CVSSv3
CVE-2023-49599
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force...
Wwbn Avideo 15fed957fb
9.8
CVSSv3
CVE-2023-6912
Lack of protection against brute force attacks in M-Files Server prior to 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
M-files M-files Server
9.8
CVSSv3
CVE-2023-6272
The Theme My Login 2FA WordPress plugin prior to 1.2 does not rate limit 2FA validation attempts, which may allow a malicious user to brute-force all possibilities, which shouldn't take too long, as the 2FA codes are 6 digits.
Thememylogin 2fa
9.8
CVSSv3
CVE-2023-24051
A client-side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows malicious users to gain escalated privileges via brute force style attacks.
Connectize Ac21000 G6 Firmware 641.139.1.1256
9.8
CVSSv3
CVE-2023-31176
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote malicious user to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details.
Selinc Sel-451 Firmware
Selinc Sel-451 Firmware R326-v0
Selinc Sel-451 Firmware R327-v0
9.8
CVSSv3
CVE-2023-48028
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.
Kodcloud Kodbox 1.46.01
9.8
CVSSv3
CVE-2023-41350
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted JavaScript to expose captcha in page, making it very easy for bots to bypass the captcha check...
Nokia G-040w-q Firmware G040wqr201207
9.8
CVSSv3
CVE-2023-0897
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Sielco Polyeco500 Firmware 1.7.0
Sielco Polyeco500 Firmware 10.16
Sielco Polyeco300 Firmware 2.0.0
Sielco Polyeco300 Firmware 2.0.2
Sielco Polyeco300 Firmware 10.19
Sielco Polyeco1000 Firmware 1.9.3
Sielco Polyeco1000 Firmware 1.9.4
Sielco Polyeco1000 Firmware 2.0.6
Sielco Polyeco1000 Firmware 10.19
9.8
CVSSv3
CVE-2023-42769
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote malicious user to obtain a valid session, bypass authentication, and manipulate the transmitter.
Sielco Analog Fm Transmitter Exc5000gx Firmware -
Sielco Analog Fm Transmitter Exc120gx Firmware -
Sielco Analog Fm Transmitter Exc300gx Firmware -
Sielco Analog Fm Transmitter Exc1600gx Firmware -
Sielco Analog Fm Transmitter Exc2000gx Firmware -
Sielco Analog Fm Transmitter Exc1000gx Firmware -
Sielco Analog Fm Transmitter Exc3000gx Firmware -
Sielco Analog Fm Transmitter Exc30gt Firmware -
Sielco Analog Fm Transmitter Exc300gt Firmware -
Sielco Analog Fm Transmitter Exc100gt Firmware -
Sielco Analog Fm Transmitter Exc5000gt Firmware -
Sielco Analog Fm Transmitter Exc1000gt Firmware -
Sielco Analog Fm Transmitter Exc120gt Firmware -
Sielco Radio Link Rtx19 Firmware -
Sielco Radio Link Exc19 Firmware -