CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
561 vulnerabilities with CWE-307
CVE-2026-31903
HIGH
IGL-Technologies eParking.fi Improper Restriction of Excessive Authentication Attempts
CVSS 7.5
CVE-2026-32025
HIGH
OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass
CVSS 7.5
CVE-2026-32295
HIGH
JetKVM insufficient login rate limiting
CVSS 7.5
CVE-2026-32292
HIGH
GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
CVSS 7.5
CVE-2026-32729
HIGH
Runtipi <4.8.1 - Auth Bypass
CVSS 8.1
CVE-2026-31863
LOW
Anytype Heart <0.48.4 - Auth Bypass
CVSS 3.6
CVE-2026-30959
MEDIUM
OneUptime - Auth Bypass
CVSS 5.0
CVE-2026-22629
LOW
Fortinet FortiAnalyzer/FortiManager - Auth Bypass
CVSS 3.7
CVE-2026-24696
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-20882
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-27778
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-30790
CRITICAL
RustDesk Server Pro/OSS - Auth Bypass
CVSS 9.8
CVE-2026-27801
MEDIUM
Vaultwarden <=1.34.3 - 2FA Bypass
CVSS 5.9
CVE-2026-27981
HIGH
HomeBox <0.24.0 - Auth Bypass
CVSS 7.4
CVE-2026-27824
MEDIUM
calibre <9.4.0 - Auth Bypass
CVSS 5.3
CVE-2026-27753
MEDIUM
SODOLA SL902-SWTGW124AS <200.1.20 - Auth Bypass
CVSS 6.5
CVE-2026-26305
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-24445
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25945
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25114
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-25113
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-20792
HIGH
WebSocket API - DoS
CVSS 7.5
CVE-2026-26227
LOW
VLC for Android <3.7.0 - Auth Bypass
CVSS 3.7
CVE-2026-27521
HIGH
Binardat 10G08-0800GSM V300SP10260209 - Auth Bypass
CVSS 7.5
CVE-2026-25577
HIGH
Pypi Emmett-core < 1.3.11 - Brute Force
CVSS 7.5