CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE | Severity | Title | CVSS
CVE-2025-11566 | MEDIUM | Schneider Electric PowerChute Serial Shutdown - Excessive Authentication Attempts via /REST/shutdownnow
CVE-2025-10161 | HIGH | Turkguven Software Technologies Inc. Perfektive <12574.2701 - Auth ... | CVSS 7.3
CVE-2025-12896 | MEDIUM | Solidigm DC Products - Privilege Escalation | CVSS 4.4
CVE-2025-12547 | LOW | LogicalDOC Community Edition <9.2.1 - Info Disclosure | CVSS 3.7
CVE-2025-62257 | MEDIUM | Liferay Portal 7.4.0-7.4.3.119 and DXP 2024.Q1.1-2024.Q1.5 - Password Enumeration via Brute Force Attack | CVSS 5.3
CVE-2025-10928 | MEDIUM | Drupal Access code < 2.0.5 - Brute Force via Excessive Authentication Attempts | CVSS 6.3
CVE-2025-64102 | CRITICAL | Zitadel < 2.71.18 - Unauthenticated Online Brute-Force Attack via OTP, TOTP, and Password | CVSS 9.8
CVE-2025-12310 | MEDIUM | VirtFusion <= 6.0.2 - Improper Restriction of Excessive Authentication Attempts in Email Change Handler | CVSS 5.3
CVE-2025-60424 | HIGH | Nagios Fusion <2024R2 - Auth Bypass | CVSS 7.6
CVE-2025-26862 | NONE | PingFederate 11.3.0-11.3.13, 12.0.0-12.0.9, 12.1.0-12.1.8, 12.2.0-12.2.5, 12.3.0-12.3.2 Brute Force Login
CVE-2025-62399 | HIGH | Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Brute-Force Attack via Authentication Endpoints | CVSS 7.5
CVE-2025-56224 | HIGH | SigningHub < 8.6.8 - Unauthenticated Brute-Force Attack via OTP Verification Endpoint | CVSS 8.1
CVE-2025-56221 | CRITICAL | SigningHub < 8.6.8 - Authentication Bypass via Brute Force Attack | CVSS 9.8
CVE-2025-9551 | MEDIUM | Drupal Protected Pages <1.8.0 - Auth Bypass | CVSS 6.5
CVE-2025-11441 | LOW | JhumanJ OpnForm <1.9.3 - Auth Bypass | CVSS 3.7
CVE-2025-58587 | MEDIUM | Sick Analytics Products - Improper Authentication | CVSS 6.5
CVE-2025-8679 | CRITICAL | ExtremeGuest Essentials < 25.5.0 - Unauthenticated Brute-Force Bypass via Captive-Portal Login | CVSS 9.8
CVE-2025-8118 | MEDIUM | widzialni pad_cms < 1.2.1 - Brute-Force Protection Bypass via Cookie Reset | CVSS 6.5
CVE-2025-36064 | MEDIUM | IBM Sterling Connect:Express 3.1.0.0-3.1.0.22 - Unauthenticated Brute Force via Inadequate Account Lockout | CVSS 5.9
CVE-2025-35041 | HIGH | Airship AI Acropolis < 10.2.35 - Authenticated MFA Brute-Force via Unlimited Attempts | CVSS 7.5
CVE-2025-10761 | LOW | Harness 3.3.0 - Improper Restriction of Excessive Authentication Attempts in Login Endpoint | CVSS 3.7
CVE-2025-10658 | MEDIUM | SupportCandy <= 3.3.7 - Unauthenticated Authentication Bypass via OTP Brute Force | CVSS 6.5
CVE-2025-54860 | HIGH | Cognex In-Sight Explorer & Camera Firmware - DoS | CVSS 7.7
CVE-2025-36758 | MEDIUM | SolaX Cloud - Authentication Bypass via Forgot Password Oracle
CVE-2025-57815 | MEDIUM | Fides < 2.69.1 - Excessive Authentication Attempts via Admin UI Login Endpoint | CVSS 6.5