Weaknesses of type CWE-307
412 results

CVE-2026-32025 | HIGH | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass | EPSS 0.3%
CVE-2025-7882 | LOW | Mercusys MW301R Login excessive authentication | EPSS 0.3%
CVE-2026-43914 | HIGH | Vaultwarden: Brute-force protection bypass vulnerability | EPSS 0.3%
CVE-2024-53647 | MEDIUM | Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email ve | EPSS 0.3%
CVE-2026-35628 | MEDIUM | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting | EPSS 0.3%
CVE-2025-66482 | MEDIUM | Misskey has a login rate limit bypass via spoofed X-Forwarded-For header | EPSS 0.3%
CVE-2024-11126 | LOW | Digistar AG-30 Plus Login Page excessive authentication | EPSS 0.3%
CVE-2025-12995 | HIGH | Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used t | EPSS 0.3%
CVE-2025-2911 | MEDIUM | Improper Restriction of Excessive Authentication Attempts vulnerability in MeetMe products | EPSS 0.3%
CVE-2025-57815 | LOW | Fides Lacks Brute-Force Protections on Authentication Endpoints | EPSS 0.3%
CVE-2026-2402 | MEDIUM | CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the us | EPSS 0.3%
CVE-2025-6015 | MEDIUM | Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse | EPSS 0.3%
CVE-2026-34505 | MEDIUM | OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation | EPSS 0.3%
CVE-2026-25577 | HIGH | Emmett has an Unhandled CookieError Exception Causing Denial of Service | EPSS 0.3%
CVE-2025-28172 | MEDIUM | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker c | EPSS 0.3%
CVE-2026-33879 | LOW | FLIP doesn't have rate limiting or brute-force protection on login | EPSS 0.3%
CVE-2026-27981 | HIGH | HomeBox has an Auth Rate Limit Bypass via IP Spoofing | EPSS 0.3%
CVE-2026-27801 | MEDIUM | Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement | EPSS 0.3%
CVE-2026-41213 | MEDIUM | @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes | EPSS 0.3%
CVE-2024-3461 | MEDIUM | KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as t | EPSS 0.3%