CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

522 vulnerabilities with CWE-307
CVE-2026-24696 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-20882 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-27778 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-30790
RustDesk Server Pro/OSS - Auth Bypass
CVE-2026-27801 MEDIUM
Vaultwarden <=1.34.3 - 2FA Bypass
CVSS 5.9
CVE-2026-27981 HIGH
HomeBox <0.24.0 - Auth Bypass
CVSS 7.4
CVE-2025-36363 MEDIUM
IBM DevOps Plan 3.0.0-3.0.5 - Auth Bypass
CVSS 5.9
CVE-2026-27824 MEDIUM
calibre <9.4.0 - Auth Bypass
CVSS 5.3
CVE-2026-27753 MEDIUM
SODOLA SL902-SWTGW124AS <200.1.20 - Auth Bypass
CVSS 6.5
CVE-2026-26305 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-24445 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25945 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25114 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25113 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-20792 HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-26227 LOW
VLC for Android <3.7.0 - Auth Bypass
CVSS 3.7
CVE-2026-27521 HIGH
Binardat 10G08-0800GSM V300SP10260209 - Auth Bypass
CVSS 7.5
CVE-2025-7630 MEDIUM
Wispotter <2025.10.08.1 - Auth Bypass
CVSS 5.3
CVE-2026-25577 HIGH
Pypi Emmett-core < 1.3.11 - Brute Force
CVSS 7.5
CVE-2026-2110 LOW
Tasin1025 SwiftBuy <0f5011372e8d1d7edfd642d57d721c9fadc54ec7 - Auth...
CVSS 3.7
CVE-2025-67853 HIGH
Moodle < 4.1.22 - Brute Force
CVSS 7.5
CVE-2026-1685 LOW
D-Link DIR-823X 250416 - Auth Bypass
CVSS 3.7
CVE-2026-24436 CRITICAL
Shenzhen Tenda W30E V2 - Auth Bypass
CVSS 9.8
CVE-2026-1409 LOW
Beetel 777VR1 <01.00.09/01.00.09_55 - Auth Bypass
CVSS 2.0
CVE-2025-4319 CRITICAL
Birebirsoft Sufirmam <23012026 - Auth Bypass
CVSS 9.4
Details
Vulnerabilities 522
Links
MITRE CWE Entry Search this CWE With Exploits