CWE-799

Improper Control of Interaction Frequency

Parent: CWE-691 - Insufficient Control Flow Management

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

69 vulnerabilities with CWE-799
CVE-2025-8742 LOW
macrozheng mall 1.0.3 - Auth Bypass
CVSS 3.7
CVE-2025-7882 LOW
Mercusys MW301R 1.0.2 Build 190726 Rel.59423n - Auth Bypass
CVSS 3.1
CVE-2025-52880 MEDIUM
Komga 1.8.0-1.21.3 - Stored Cross-Site Scripting via EPUB Reader
CVSS 4.2
CVE-2025-52570 LOW
letmeind and letmeinfwd < 10.2.1 - Resource Exhaustion via Unlimited Simultaneous Connections
CVE-2025-5864 LOW
Tenda TDSEE App <1.7.12 - Auth Bypass
CVSS 3.7
CVE-2025-48016 MEDIUM
SEL-5056 Software-Defined Network Flow Controller < 2.16.0 - Denial of Service via OpenFlow Discovery Protocol
CVSS 4.3
CVE-2025-3556 LOW
ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVSS 3.7
CVE-2025-3555 LOW
ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVSS 3.7
CVE-2025-32378 MEDIUM
Shopware <6.6.10.3-6.5.8.17 - Info Disclosure
CVSS 5.3
CVE-2025-29998 HIGH
Rising Technosoft CAP back office application < 2.0.4 - Authenticated OTP Flooding via Missing Rate Limiting
CVE-2025-1629 LOW
my Excitel App 3.13.0 - Improper Restriction of Excessive Authentication Attempts in One-Time Password Handler
CVSS 3.5
CVE-2025-26524 MEDIUM
RupeeWeb < 66.9 - Authenticated OTP Flooding via Missing Rate Limiting
CVE-2024-47065 MEDIUM
meshtastic_firmware < 2.5.1 - Denial of Service via Traceroute Response Flood
CVSS 6.5
CVE-2024-57603 MEDIUM
MaysWind ezBookkeeping 0.7.0 - Privilege Escalation
CVSS 6.3
CVE-2024-13274 MEDIUM
Drupal Open Social <12.3.8-12.4.5 - Functionality Misuse
CVSS 5.3
CVE-2024-8475 MEDIUM
WiFiBurada < 1.0.5 - Authentication Bypass via User-Controlled Variable Manipulation
CVSS 6.5
CVE-2024-11126 LOW
Digistar AG-30 Plus 2.6b - Auth Bypass
CVSS 3.1
CVE-2024-51557 MEDIUM
63moons Wave 2.0 < 1.1.7 - Authenticated OTP Flooding via Missing Rate Limiting
CVSS 6.5
CVE-2024-48942 MEDIUM
Syracom Secure Login < 3.1.4.5 - Unauthenticated Brute-Force Attack via PIN Validation Endpoint
CVSS 5.9
CVE-2024-47654 HIGH
Shilpi Client Dashboard < 9.7.0 - Unauthenticated OTP Bombing via API Endpoint
CVSS 7.5
CVE-2024-9199 MEDIUM
Clibo Manager 1.1.9.2 - Denial of Service via Email Rate Limit Bypass
CVSS 5.8
CVE-2024-45788 HIGH
Reedos aiM-Star 2.0.1 - Authenticated OTP Flooding via Missing Rate Limiting
CVSS 7.5
CVE-2024-6890 HIGH
Journyx - Unauthenticated Password Reset Token Brute-Force via Insecure Randomness
CVSS 8.8
CVE-2024-35246 HIGH
Westermo L210-F2G Lynx Firmware - Denial of Service via Packet Flood
CVSS 7.5
CVE-2024-32943 HIGH
Westermo L210-F2G Firmware - Denial of Service via SSH Packets
CVSS 7.5