CWE-799
69 CVEs classified under CWE-799. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-54321 | Critical | 9.8 | 2025-11-18 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authentica… |
| CVE-2024-6890 | High | 8.8 | 2024-08-07 | Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the… |
| CVE-2026-7402 | High | 8.1 | 2026-04-30 | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 b… |
| CVE-2026-32729 | High | 8.1 | 2026-03-16 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting… |
| CVE-2026-24017 | High | 8.1 | 2026-03-10 | An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, Fort… |
| CVE-2021-41177 | High | 8.1 | 2021-10-25 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database ba… |
| CVE-2026-30972 | High | 7.5 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.10 and 8.6.23, Parse Server's rate… |
| CVE-2025-57816 | High | 7.5 | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in envi… |
| CVE-2024-47654 | High | 7.5 | 2024-10-04 | This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthent… |
| CVE-2024-45788 | High | 7.5 | 2024-09-11 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attac… |
| CVE-2024-35246 | High | 7.5 | 2024-06-20 | An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. |
| CVE-2024-32943 | High | 7.5 | 2024-06-20 | An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. |
| CVE-2023-35621 | High | 7.5 | 2023-12-12 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability |
| CVE-2026-5233 | High | 7.1 | 2026-06-15 | Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.262… |
| CVE-2026-22216 | Medium | 6.5 | 2026-03-13 | wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post noti… |
| CVE-2024-47065 | Medium | 6.5 | 2025-07-11 | Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR… |
| CVE-2024-8475 | Medium | 6.5 | 2024-12-17 | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This iss… |
| CVE-2024-51557 | Medium | 6.5 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this… |
| CVE-2023-40673 | Medium | 6.5 | 2024-06-04 | Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Registe… |
| CVE-2023-27279 | Medium | 6.5 | 2024-04-19 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. |