Skip to main content

Brute Force

186 CVEs product

Monthly

CVE-2026-35097 MEDIUM PATCH This Month

KTM System e-BOK enforces a system-wide password policy that restricts all user credentials to exactly six numeric digits, prohibiting alphabetic, special, or extended characters and producing a maximum keyspace of only 1,000,000 possible values (10^6). This CWE-521 (Weak Password Requirements) flaw enables remote unauthenticated brute-force attacks against any customer account, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). No public exploit code or CISA KEV listing exists, but the trivial keyspace means no specialized tooling is required - standard credential automation suffices. CERT-PL reported the issue; a vendor patch was published in June 2026.

Brute Force Information Disclosure E Bok
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-11493 LOW POC Monitor

Weak password requirements in the Samba service of Tenda AC15 firmware 15.03.05.19 expose SMB file-sharing functionality to brute-force attacks from adjacent-network attackers. The flaw originates in the /etc_ro/smb.conf configuration, which enforces insufficient password complexity, enabling unauthenticated local-network adversaries to guess or brute-force credentials and achieve limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the high attack complexity (AC:H) and adjacency requirement (AV:A) constrain realistic exploitation to targeted, in-person or LAN-positioned threat actors.

Tenda Information Disclosure Brute Force
NVD VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2024-40684 MEDIUM This Month

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brute Force IBM
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-9394 LOW Monitor

Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.

Information Disclosure Brute Force Bs20 Ev Charging Station
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-41038 HIGH This Week

Weak password policy enforcement in Quantum Networks router QN-I-470 version 6.1.1.B1 enables adjacent network attackers to gain unauthorized administrative access through password brute-force attacks. CVSS 7.6 reflects adjacent network requirement (AV:A) and high complexity (AC:H), limiting exploitation to attackers already on the local network segment. No active exploitation confirmed (not in CISA KEV), but authentication bypass via brute-force is a well-understood attack primitive requiring only network proximity and time.

Authentication Bypass Brute Force
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-6284 CRITICAL CISA Emergency

Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.

Authentication Bypass Brute Force
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-33771 CRITICAL Act Now

Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis.

Authentication Bypass Juniper Brute Force Ctop Os
NVD VulDB
CVSS 4.0
9.1
EPSS
0.0%
CVE-2026-34203 PyPI LOW PATCH GHSA Monitor

Nautobot REST API user creation and modification endpoints bypass Django's configured password validation rules, allowing authenticated administrators to set or modify user passwords that fail to meet organizational security standards. Versions prior to 2.4.30 and 3.0.10 are affected; an authenticated admin with high privileges can create accounts with weak passwords despite configured AUTH_PASSWORD_VALIDATORS rules. CVSS score is 2.7 (low severity) due to requirement for authenticated administrative access; however, organizations with strict password policies relying on Nautobot's config-driven enforcement face integrity risk.

Python Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-1408 LOW POC Monitor

777Vr1 Firmware versions up to 01.00.09 contains a vulnerability that allows attackers to weak password requirements (CVSS 2.0).

Information Disclosure Brute Force
NVD GitHub VulDB
CVSS 4.0
0.3
EPSS
0.0%
CVE-2025-55252 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to the use of easily guessable passwords, potentially resulting in unauthorized acc (CVSS 3.1).

Authentication Bypass Brute Force
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-65014 PHP LOW POC PATCH Monitor

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure Librenms
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-63800 HIGH POC This Month

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Open Source Point Of Sale
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-63747 CRITICAL POC Act Now

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Qatraq
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55034 HIGH This Month

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-9551 PHP MEDIUM PATCH This Month

Drupal Protected Pages module fails to implement rate limiting on authentication attempts, enabling unauthenticated attackers to conduct brute force attacks against password-protected content. Affected versions include Protected Pages 0.0.0 through 1.7.x and 7.x-1.0 through 7.x-2.4. The vulnerability permits attackers to enumerate valid credentials and bypass access controls through repeated login submissions without detection or throttling mechanisms. No public exploit code or active exploitation has been confirmed; EPSS scoring of 0.05% (15th percentile) indicates low real-world exploitation likelihood despite the moderate CVSS score of 6.5.

Drupal PHP Brute Force Protected Pages
NVD HeroDevs VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11322 PHP LOW Monitor

Weak password requirements in Mangati NovoSGA up to version 2.2.12 allow remote attackers to bypass password policy validation during user account creation via manipulation of the Senha/Confirmação da senha (password/password confirmation) parameters on the /novosga.users/new endpoint. The vulnerability is difficult to exploit (CVSS AC:H) and offers only low confidentiality impact, but public exploit code is available and enables brute-force attacks against weak user credentials. EPSS score of 0.04% (percentile 12%) indicates limited real-world exploitation likelihood despite CVE publication.

Information Disclosure Brute Force
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-9964 HIGH This Week

No password for the root user is set in Novakon P series. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-57295 HIGH POC This Week

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force RCE Authentication Bypass Privilege Escalation Information Disclosure +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-10320 LOW Monitor

A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-9514 MEDIUM This Month

A vulnerability has been found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Mall
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-25737 MEDIUM POC This Week

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Ris 9160 Firmware Ris 9260 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-55299 CRITICAL This Week

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
9.4
EPSS
0.0%
CVE-2025-8549 LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Brute Force Java
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2019-19145 MEDIUM This Month

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-8182 LOW Monitor

Weak password requirements in Tenda AC18 firmware version 15.03.05.19 allow remote attackers to conduct brute-force attacks against Samba authentication via the /etc_ro/smb.conf configuration file. The vulnerability requires high attack complexity and has been publicly disclosed, though exploitation difficulty remains elevated. CVSS 2.9 and EPSS 0.07% (20th percentile) indicate low real-world risk despite proof-of-concept availability.

Tenda Information Disclosure Brute Force Ac18 Firmware
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-28389 PyPI CRITICAL POC Act Now

Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable brute force attacks. An unauthenticated remote attacker can exploit this with no user interaction to gain full control over the affected system, including confidentiality, integrity, and availability compromise. The CVSS 9.8 severity and network-based attack vector indicate this poses significant risk to any organization running the vulnerable version without additional protective controls.

Authentication Bypass Brute Force Credential Stuffing Cosmos
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-5485 HIGH This Week

User enumeration vulnerability affecting web management interfaces where usernames are limited to device identifiers (10-digit numerical values). An unauthenticated remote attacker can enumerate valid user accounts by systematically testing digit sequences, potentially gaining information disclosure and limited system manipulation capabilities. The CVSS 8.6 rating reflects high confidentiality impact, though patch status and active exploitation details require vendor-specific assessment.

Information Disclosure Authentication Bypass Brute Force
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-48372 MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Schule School Management System
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2025-46742 MEDIUM Monitor

Users who were required to change their password could still access system information before changing their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4534 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-1993 MEDIUM This Month

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure App Connect Enterprise Certified Containers Operands App Connect Operator
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-28200 CRITICAL POC Act Now

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Rx1800 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-26847 HIGH This Week

An issue was discovered in Znuny before 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Znuny
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27272 LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Console
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-25211 CRITICAL Act Now

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-1474 PyPI MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27663 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-41778 MEDIUM This Month

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure Controller
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-1341 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Pmweb
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2023-37398 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-35907 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-42173 MEDIUM Monitor

HCL MyXalytics is affected by an improper password policy implementation vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-22390 HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Optimizely Cms
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-48845 CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-51398 MEDIUM This Month

Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48272 MEDIUM POC This Month

D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Brute Force Information Disclosure Dsl 6740C Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-48271 HIGH POC This Week

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Brute Force Dsl 6740C Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-7293 HIGH This Week

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Telerik Reporting
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-47121 MEDIUM This Month

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna Pro
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-45374 MEDIUM This Month

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-47221 HIGH PATCH This Week

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Rapid Scada
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42850 Maven CRITICAL POC Act Now

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Silverpeas
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-40697 HIGH This Week

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Brute Force Information Disclosure Common Licensing
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41683 MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Location Intelligence
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-36789 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-29208 LOW Monitor

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Ubiquiti Information Disclosure
NVD
CVSS 3.0
2.2
EPSS
0.3%
CVE-2024-32213 MEDIUM POC This Month

The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lomag Warehouse Management
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-3735 MEDIUM This Month

A vulnerability was found in Smart Office up to 20240405. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-25729 HIGH This Week

Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-22355 MEDIUM This Month

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Brute Force Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-1346 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1345 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0676 HIGH This Week

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0347 LOW POC Monitor

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic.php. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure Engineers Online Portal
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2023-49238 CRITICAL Act Now

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0188 LOW POC Monitor

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
CVSS 3.1
3.1
EPSS
0.2%
CVE-2023-7053 HIGH POC This Week

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-24049 CRITICAL Act Now

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Brute Force Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29974 CRITICAL Act Now

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Pfsense
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-41353 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force G 040W Q Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37503 CRITICAL Act Now

HCL Compass is vulnerable to insecure password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Hcl Compass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37756 CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-40707 HIGH This Week

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Snap Pac S1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4125 Go HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Answer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34995 CRITICAL Act Now

There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34240 CRITICAL Act Now

Cloudexplorer-lite is an open source cloud software stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3423 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2060 HIGH This Week

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31098 Maven CRITICAL PATCH Act Now

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Brute Force Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-25184 HIGH This Week

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware Skyspider Mb R210 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25072 HIGH This Week

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2160 PyPI CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Modoboa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2106 PyPI CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Calibre Web
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1753 PHP CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0793 PHP HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0641 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force Employee Leaves Management System
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-0569 Ruby MEDIUM PATCH This Month

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Brute Force Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0564 PHP HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Froxlor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0307 PHP CRITICAL PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-22451 HIGH PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Kiwi Tcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

KTM System e-BOK enforces a system-wide password policy that restricts all user credentials to exactly six numeric digits, prohibiting alphabetic, special, or extended characters and producing a maximum keyspace of only 1,000,000 possible values (10^6). This CWE-521 (Weak Password Requirements) flaw enables remote unauthenticated brute-force attacks against any customer account, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). No public exploit code or CISA KEV listing exists, but the trivial keyspace means no specialized tooling is required - standard credential automation suffices. CERT-PL reported the issue; a vendor patch was published in June 2026.

Brute Force Information Disclosure E Bok
NVD VulDB
EPSS 0% CVSS 1.3
LOW POC Monitor

Weak password requirements in the Samba service of Tenda AC15 firmware 15.03.05.19 expose SMB file-sharing functionality to brute-force attacks from adjacent-network attackers. The flaw originates in the /etc_ro/smb.conf configuration, which enforces insufficient password complexity, enabling unauthenticated local-network adversaries to guess or brute-force credentials and achieve limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the high attack complexity (AC:H) and adjacency requirement (AV:A) constrain realistic exploitation to targeted, in-person or LAN-positioned threat actors.

Tenda Information Disclosure Brute Force
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brute Force IBM
NVD VulDB
EPSS 0% CVSS 1.3
LOW Monitor

Weak password requirements in the Bluetooth Low Energy (BLE) handler of the Besen BS20 EV Charging Station (firmware up to 20260426) expose the device to credential brute-forcing from adjacent-network attackers within Bluetooth range. The flaw, catalogued under CWE-521, results in limited confidentiality impact (VC:L in CVSS 4.0) with no integrity or availability consequences, yielding an overall CVSS 4.0 score of 1.3. Publicly available exploit code exists (E:P in CVSS vector, GitHub PoC at carfeii/besen), though EPSS sits at 0.01% (2nd percentile), and no active exploitation has been confirmed by CISA KEV. Besen acknowledged the report as of April 2026 but no patched firmware version has been released.

Information Disclosure Brute Force Bs20 Ev Charging Station
NVD VulDB GitHub
EPSS 0% CVSS 7.6
HIGH This Week

Weak password policy enforcement in Quantum Networks router QN-I-470 version 6.1.1.B1 enables adjacent network attackers to gain unauthorized administrative access through password brute-force attacks. CVSS 7.6 reflects adjacent network requirement (AV:A) and high complexity (AC:H), limiting exploitation to attackers already on the local network segment. No active exploitation confirmed (not in CISA KEV), but authentication bypass via brute-force is a well-understood attack primitive requiring only network proximity and time.

Authentication Bypass Brute Force
NVD
EPSS 0% CVSS 9.3
CRITICAL Emergency

Brute force password attacks against Horner Automation XL4/XL7 PLCs and Cscape software allow remote unauthenticated attackers to gain unauthorized administrative access via network connections. Weak password policies (limited complexity requirements) combined with absent rate limiting enable systematic credential enumeration. CVSS 9.1 (Critical) reflects network-accessible attack with no authentication required. CISA ICS-CERT advisory confirms vulnerability in operational technology environments where PLCs control industrial processes.

Authentication Bypass Brute Force
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis.

Authentication Bypass Juniper Brute Force +1
NVD VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Nautobot REST API user creation and modification endpoints bypass Django's configured password validation rules, allowing authenticated administrators to set or modify user passwords that fail to meet organizational security standards. Versions prior to 2.4.30 and 3.0.10 are affected; an authenticated admin with high privileges can create accounts with weak passwords despite configured AUTH_PASSWORD_VALIDATORS rules. CVSS score is 2.7 (low severity) due to requirement for authenticated administrative access; however, organizations with strict password policies relying on Nautobot's config-driven enforcement face integrity risk.

Python Brute Force Information Disclosure
NVD GitHub
EPSS 0% CVSS 0.3
LOW POC Monitor

777Vr1 Firmware versions up to 01.00.09 contains a vulnerability that allows attackers to weak password requirements (CVSS 2.0).

Information Disclosure Brute Force
NVD GitHub VulDB
EPSS 0% CVSS 3.1
LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to the use of easily guessable passwords, potentially resulting in unauthorized acc (CVSS 3.1).

Authentication Bypass Brute Force
NVD
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Open Source Point Of Sale
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Qatraq
NVD
EPSS 0% CVSS 8.8
HIGH This Month

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Drupal Protected Pages module fails to implement rate limiting on authentication attempts, enabling unauthenticated attackers to conduct brute force attacks against password-protected content. Affected versions include Protected Pages 0.0.0 through 1.7.x and 7.x-1.0 through 7.x-2.4. The vulnerability permits attackers to enumerate valid credentials and bypass access controls through repeated login submissions without detection or throttling mechanisms. No public exploit code or active exploitation has been confirmed; EPSS scoring of 0.05% (15th percentile) indicates low real-world exploitation likelihood despite the moderate CVSS score of 6.5.

Drupal PHP Brute Force +1
NVD HeroDevs VulDB
EPSS 0% CVSS 2.9
LOW Monitor

Weak password requirements in Mangati NovoSGA up to version 2.2.12 allow remote attackers to bypass password policy validation during user account creation via manipulation of the Senha/Confirmação da senha (password/password confirmation) parameters on the /novosga.users/new endpoint. The vulnerability is difficult to exploit (CVSS AC:H) and offers only low confidentiality impact, but public exploit code is available and enables brute-force attacks against weak user credentials. EPSS score of 0.04% (percentile 12%) indicates limited real-world exploitation likelihood despite CVE publication.

Information Disclosure Brute Force
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

No password for the root user is set in Novakon P series. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.0
HIGH POC This Week

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force RCE Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 1.3
LOW Monitor

A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability has been found in macrozheng mall up to 1.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Mall
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Week

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Ris 9160 Firmware +1
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

A vulnerability was found in atjiu pybbs up to 6.0.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Brute Force Java
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD GitHub
EPSS 0% CVSS 2.9
LOW Monitor

Weak password requirements in Tenda AC18 firmware version 15.03.05.19 allow remote attackers to conduct brute-force attacks against Samba authentication via the /etc_ro/smb.conf configuration file. The vulnerability requires high attack complexity and has been publicly disclosed, though exploitation difficulty remains elevated. CVSS 2.9 and EPSS 0.07% (20th percentile) indicate low real-world risk despite proof-of-concept availability.

Tenda Information Disclosure Brute Force +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable brute force attacks. An unauthenticated remote attacker can exploit this with no user interaction to gain full control over the affected system, including confidentiality, integrity, and availability compromise. The CVSS 9.8 severity and network-based attack vector indicate this poses significant risk to any organization running the vulnerable version without additional protective controls.

Authentication Bypass Brute Force Credential Stuffing +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

User enumeration vulnerability affecting web management interfaces where usernames are limited to device identifiers (10-digit numerical values). An unauthenticated remote attacker can enumerate valid user accounts by systematically testing digit sequences, potentially gaining information disclosure and limited system manipulation capabilities. The CVSS 8.6 rating reflects high confidentiality impact, though patch status and active exploitation details require vendor-specific assessment.

Information Disclosure Authentication Bypass Brute Force
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Schule is open-source school management system software. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Schule School Management System
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM Monitor

Users who were required to change their password could still access system information before changing their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Rx1800 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Znuny before 7.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Znuny
NVD
EPSS 0% CVSS 3.1
LOW Monitor

IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Vasion Print +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Pmweb
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

HCL MyXalytics is affected by an improper password policy implementation vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Information Disclosure Dryice Myxalytics
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Optimizely Cms
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force +19
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Brute Force Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Brute Force +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Telerik Reporting
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna Pro
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Brute Force Information Disclosure Gotenna
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Information Disclosure Rapid Scada
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Silverpeas
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Brute Force Information Disclosure +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Location Intelligence
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear +1
NVD
EPSS 0% CVSS 2.2
LOW Monitor

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Ubiquiti Information Disclosure
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lomag Warehouse Management
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

A vulnerability was found in Smart Office up to 20240405. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Brute Force Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Douro Firmware +1
NVD
EPSS 0% CVSS 3.7
LOW POC Monitor

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic.php. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Enterprise
NVD
EPSS 0% CVSS 3.1
LOW POC Monitor

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Brute Force Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Brute Force Ac21000 G6 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Pfsense
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

HCL Compass is vulnerable to insecure password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Hcl Compass
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Snap Pac S1 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Answer
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force M Bus 900S Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Cloudexplorer-lite is an open source cloud software stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fx5 Enet Ip Firmware +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Brute Force +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Basic Mb A130 Firmware +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Mb A110 Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Modoboa
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Calibre Web
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force +1
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Brute Force Publify
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Froxlor
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Kiwi Tcms
NVD GitHub
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy