CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2025-52997 (MEDIUM, CVSS 5.9): File Browser <2.34.1 - Info Disclosure
CVE-2025-4383 (CRITICAL, CVSS 9.3): Wi-Fi Cloud Hotspot <30.05.2025 - Auth Bypass
CVE-2025-6533 (MEDIUM, CVSS 5.6): xxyopen/201206030 novel-plus <5.1.3 - Auth Bypass
CVE-2025-2171 (HIGH): Aviatrix Controller <7.1.4208-8.0.0 - DoS
CVE-2025-52916 (LOW, CVSS 2.2): Yealink RPS <2025-06-04 - Info Disclosure
CVE-2025-47951 (MEDIUM, CVSS 4.9): Weblate < 5.12 - Excessive Authentication Attempts via Second Factor Endpoint
CVE-2025-6030 (CRITICAL): Cyclone Matrix TRF Smart - Replay Attack
CVE-2025-6029 (CRITICAL): KIA-branded Aftermarket Generic Smart - Replay Attack
CVE-2025-43863 (CRITICAL, CVSS 9.8): vantage6 < 4.11.0 - Authenticated Password Brute-Force via Change Password Functionality
CVE-2025-49195 (MEDIUM, CVSS 5.3): SICK media_server - Unauthenticated Brute-Force Attack via FTP Login Mechanism
CVE-2025-49186 (MEDIUM, CVSS 5.3): Avaya Media Server - Improper Restriction of Excessive Authentication Attempts
CVE-2025-5864 (LOW, CVSS 3.7): Tenda TDSEE App <1.7.12 - Auth Bypass
CVE-2025-48014 (HIGH, CVSS 7.5): Product <Version - Privilege Escalation
CVE-2025-48187 (CRITICAL, CVSS 9.1): RAGFlow <= 0.18.1 - Account Takeover via Brute-Force Attack on Email Verification Codes
CVE-2025-46739 (HIGH, CVSS 8.1): SEL Blueframe OS < 1.12.0 - Unauthenticated Credential Discovery via Brute-Force Attack
CVE-2025-20196 (MEDIUM, CVSS 5.3): Cisco IOS XE - Unauthenticated Denial of Service via Crafted HTTP Requests
CVE-2025-3709 (CRITICAL, CVSS 9.8): Flowring Agentflow - Unauthenticated Account Lockout Bypass
CVE-2025-42600 (HIGH): Meon KYC solutions - Unauthenticated Brute Force Attack via OTP Endpoint
CVE-2025-3556 (LOW, CVSS 3.7): ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVE-2025-3555 (LOW, CVSS 3.7): ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVE-2025-3129 (MEDIUM, CVSS 4.8): Drupal Access code < 2.0.4 - Brute Force via Excessive Authentication Attempts
CVE-2025-0417 (HIGH): Valmet DNA visualization - Info Disclosure
CVE-2025-31676 (HIGH, CVSS 8.8): Drupal Email TFA <2.0.3 - Auth Bypass
CVE-2025-2911 (MEDIUM): Fermax MeetMe < 2024-09 - Unauthenticated Brute Force via Call Forwarding Extensions
CVE-2025-1496 (MEDIUM, CVSS 6.5): BG-TEK Coslat Hotspot <6.26.0.R.20250227 - Auth Bypass