CWE-799

69 CVEs classified under CWE-799.

Top CVEs for CWE-799
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-54321 | Critical | 9.8 | 2025-11-18 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authentica… |
| CVE-2024-6890 | High | 8.8 | 2024-08-07 | Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the… |
| CVE-2026-7402 | High | 8.1 | 2026-04-30 | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 b… |
| CVE-2026-32729 | High | 8.1 | 2026-03-16 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting… |
| CVE-2026-24017 | High | 8.1 | 2026-03-10 | An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, Fort… |
| CVE-2021-41177 | High | 8.1 | 2021-10-25 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database ba… |
| CVE-2026-30972 | High | 7.5 | 2026-03-10 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.10 and 8.6.23, Parse Server's rate… |
| CVE-2025-57816 | High | 7.5 | 2025-09-08 | Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in envi… |
| CVE-2024-47654 | High | 7.5 | 2024-10-04 | This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthent… |
| CVE-2024-45788 | High | 7.5 | 2024-09-11 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attac… |
| CVE-2024-35246 | High | 7.5 | 2024-06-20 | An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. |
| CVE-2024-32943 | High | 7.5 | 2024-06-20 | An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. |
| CVE-2023-35621 | High | 7.5 | 2023-12-12 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability |
| CVE-2026-5233 | High | 7.1 | 2026-06-15 | Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.262… |
| CVE-2026-22216 | Medium | 6.5 | 2026-03-13 | wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post noti… |
| CVE-2024-47065 | Medium | 6.5 | 2025-07-11 | Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR… |
| CVE-2024-8475 | Medium | 6.5 | 2024-12-17 | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This iss… |
| CVE-2024-51557 | Medium | 6.5 | 2024-11-04 | This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this… |
| CVE-2023-40673 | Medium | 6.5 | 2024-06-04 | Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Registe… |
| CVE-2023-27279 | Medium | 6.5 | 2024-04-19 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. |