CVE-2026-11915
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.
CVSS
5.9
Medio
EPSS
0.2%
p9
KEV
—
Exploit Today
3
0-100
Publicado: 10 jul 2026 · Última mod.: 13 jul 2026 · CWE-307
0.2%EPSS · 30 días0.2%
2026-07-112026-07-17
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-414359.8 CRÍ92.5%
——28A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.9dCVE-2026-445966.5 MED69.2%
——21Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attempt throttling, so an unauthenticated remote attacker could perform unlimited password-guessing attempts against any user account, significantly increasing the risk of successful brute-force attacks. This issue is fixed in versions 5.12.7 and 5.13.0.11hCVE-2022-377727.5 ALT62.1%
——19Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.9dCVE-2023-240809.8 CRÍ56.7%
——17A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.9dCVE-2022-371457.5 ALT55.2%
——17The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.9dCVE-2022-371448.8 ALT53.2%
——16The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.9d