CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2025-62313
MEDIUM
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.
CVSS 5.4
CVE-2025-2514
MEDIUM
Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
CVSS 5.3
CVE-2025-14362
HIGH
GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
CVSS 7.3
CVE-2025-46606
MEDIUM
Dell PowerProtect Data Domain 8.4-8.5 - Auth Bypass
CVSS 6.2
CVE-2025-31991
MEDIUM
HCL DevOps Velocity is susceptible to brute-force attacks
CVSS 6.8
CVE-2025-69246
CRITICAL
Lack of bruteforce protection in Raytha CMS
CVSS 9.8
CVE-2025-66413
HIGH
Git for Windows <2.53.0(2) - Info Disclosure
CVSS 7.4
CVE-2025-69615
CRITICAL
Deutsche Telekom AG Portal - Auth Bypass
CVSS 9.1
CVE-2025-36363
MEDIUM
IBM DevOps Plan 3.0.0-3.0.5 - Auth Bypass
CVSS 5.9
CVE-2025-7630
MEDIUM
Wispotter <2025.10.08.1 - Auth Bypass
CVSS 5.3
CVE-2025-67853
HIGH
Moodle < 4.1.22 - Improper Restriction of Excessive Authentication Attempts
CVSS 7.5
CVE-2025-4319
CRITICAL
Birebirsoft Sufirmam <23012026 - Auth Bypass
CVSS 9.4
CVE-2025-53968
HIGH
evmapa - Denial of Service via Unrestricted Authentication Attempts
CVSS 7.5
CVE-2025-67091
MEDIUM
GL-Inet AX1800 Firmware 4.6.4 & 4.6.8 - Authenticated Command Injection via opkg-call Script Lock File Handling
CVSS 6.5
CVE-2025-67090
MEDIUM
GL.Inet AX1800 4.6.4 & 4.6.8 - Unauthenticated Brute Force via LuCI Authentication Endpoint
CVSS 5.1
CVE-2025-1928
CRITICAL
Restajet Online Food Delivery System <1920191225 - Info Disclosure
CVSS 9.1
CVE-2025-65427
MEDIUM
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 - Unauthenticated Brute Force via Login Endpoint
CVSS 6.5
CVE-2025-66482
MEDIUM
Misskey 13.1.0-2025.11.1 - IP Rate Limit Bypass via X-Forwarded-For Header
CVSS 6.5
CVE-2025-66204
HIGH
WBCE CMS < 1.6.5 - Brute-Force Protection Bypass via X-Forwarded-For Header
CVSS 8.1
CVE-2025-42615
HIGH
Vulnerability-lookup < - Info Disclosure
CVE-2025-46603
HIGH
Dell CloudBoost Virtual Appliance <19.13.0.0 - Info Disclosure
CVSS 7.0
CVE-2025-12995
HIGH
Medtronic CareLink Network <December 4, 2025 - Open Redirect
CVSS 8.1
CVE-2025-64310
CRITICAL
EPSON WebConfig and Epson Web Control - Excessive Authentication Attempts
CVSS 9.8
CVE-2025-63807
CRITICAL
University-BBS <9e06bab430bfc729f27b4284ba7570db3b11ce84 - Auth Bypass
CVSS 9.8
CVE-2025-59113
HIGH
Windu CMS 4.1 - Brute-Force Protection Bypass via loginError Parameter
CVSS 7.5