CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2026-22629
LOW
Fortinet FortiAnalyzer/FortiManager - Auth Bypass
CVSS 3.7
CVE-2026-24696
HIGH
api.everon.io - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-20882
HIGH
Mobiliti e-mobi.hu - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-27778
HIGH
ePower epower.ie - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-30790
CRITICAL
RustDesk Server Pro/OSS - Auth Bypass
CVSS 9.8
CVE-2026-27801
MEDIUM
Vaultwarden < 1.35.0 - Authenticated 2FA Bypass via Protected Actions
CVSS 5.9
CVE-2026-27981
HIGH
HomeBox < 0.24.0 - Authentication Bypass via Forged X-Real-IP Header
CVSS 7.4
CVE-2026-27824
MEDIUM
calibre < 9.4.0 - Brute-Force Protection Bypass via X-Forwarded-For Header Manipulation
CVSS 5.3
CVE-2026-27753
MEDIUM
SODOLA SL902-SWTGW124AS <200.1.20 - Auth Bypass
CVSS 6.5
CVE-2026-26305
HIGH
mobility46.se - Denial of Service and Brute-Force Attack via WebSocket API
CVSS 7.5
CVE-2026-24445
HIGH
ev.energy - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-25945
HIGH
ev2go.io - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-25114
HIGH
cloudcharge.se - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-25113
HIGH
swtchenergy.com - Denial of Service via WebSocket API Authentication Request Flood
CVSS 7.5
CVE-2026-20792
HIGH
chargemap.com - Denial of Service via WebSocket Authentication Request Flood
CVSS 7.5
CVE-2026-26227
LOW
VLC for Android <3.7.0 - Auth Bypass
CVSS 3.7
CVE-2026-27521
HIGH
Binardat 10G08-0800GSM V300SP10260209 - Auth Bypass
CVSS 7.5
CVE-2026-25577
HIGH
emmett-core < 1.3.11 - Unauthenticated Denial of Service via Malformed Cookie Header
CVSS 7.5
CVE-2026-2110
LOW
Tasin1025 SwiftBuy <0f5011372e8d1d7edfd642d57d721c9fadc54ec7 - Auth...
CVSS 3.7
CVE-2026-1685
LOW
D-Link DIR-823X 250416 - Auth Bypass
CVSS 3.7
CVE-2026-24436
CRITICAL
Shenzhen Tenda W30E V2 - Auth Bypass
CVSS 9.8
CVE-2026-1409
LOW
Beetel 777VR1 <01.00.09/01.00.09_55 - Auth Bypass
CVSS 2.0
CVE-2026-22278
HIGH
Dell PowerScale OneFS < 9.13.0.0 - Unauthenticated Excessive Authentication Attempts
CVSS 8.1
CVE-2026-22603
MEDIUM
OpenProject < 16.6.2 - Unauthenticated Brute-Force Attack via Password Change Endpoint
CVSS 6.5
CVE-2025-64526
MEDIUM
Strapi <5.45.0 users-permissions - Rate Limit Bypass
CVSS 5.3