Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3556 | 2025-04-16 | 3.7 Low | ||
| A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3555 | 2025-04-16 | 3.7 Low | ||
| A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32378 | 2025-04-09 | N/A | ||
| Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. | ||||
| CVE-2023-40332 | 1 Lesterchan | 1 Wp-postratings | 2025-04-03 | 5.3 Medium |
| Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91. | ||||
| CVE-2025-29998 | 2025-03-13 | N/A | ||
| This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | ||||
| CVE-2025-1629 | 2025-02-24 | 3.5 Low | ||
| A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-26524 | 2025-02-14 | N/A | ||
| This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system. | ||||
| CVE-2024-57603 | 2025-02-13 | 6.3 Medium | ||
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. | ||||
| CVE-2023-51544 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | 5.3 Medium |
| Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. | ||||
| CVE-2024-13274 | 2025-01-14 | 5.3 Medium | ||
| Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | ||||
| CVE-2023-2758 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 3.7 Low |
| A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. | ||||
| CVE-2023-35621 | 1 Microsoft | 1 Dynamics 365 | 2025-01-01 | 7.5 High |
| Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | ||||
| CVE-2024-8475 | 2024-12-17 | 6.5 Medium | ||
| Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5. | ||||
| CVE-2024-6890 | 1 Journyx | 1 Journyx | 2024-11-21 | 8.8 High |
| Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | ||||
| CVE-2024-35246 | 1 Westermo | 1 L210-f2g Lynx Firmware | 2024-11-21 | 7.5 High |
| An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. | ||||
| CVE-2024-34695 | 2024-11-21 | 6.3 Medium | ||
| WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1. | ||||
| CVE-2024-32943 | 2024-11-21 | 7.5 High | ||
| An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. | ||||
| CVE-2024-24873 | 2024-11-21 | 5.3 Medium | ||
| : Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71. | ||||
| CVE-2024-0094 | 2024-11-21 | 5.5 Medium | ||
| NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2023-40673 | 2024-11-21 | 6.5 Medium | ||
| : Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02. | ||||