Weaknesses of type CWE-307
412 resultsCVE-2025-36363MEDIUMIBM DevOps Plan is vulnerable to Excessive Authentication AttemptsEPSS 0.3%CVE-2025-52916LOWYealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).EPSS 0.3%CVE-2024-25031MEDIUMIBM Storage Defender information disclosureEPSS 0.2%CVE-2025-10161HIGHAuthentication Bypass in Turkguven's PerfektiveEPSS 0.2%CVE-2026-56234MEDIUMCapgo - Password Spraying via Public-Key Accessible Credential Validation EndpointEPSS 0.2%CVE-2026-27521MEDIUMBinardat 10G08-0800GSM Network Switch Missing Login Rate LimitingEPSS 0.2%CVE-2025-3129MEDIUMAccess code - Moderately critical - Access bypass - SA-CONTRIB-2025-028EPSS 0.2%CVE-2026-35646MEDIUMOpenClaw < 2026.3.25 - Pre-Authentication Rate-Limit Bypass in Webhook Token ValidationEPSS 0.2%CVE-2025-59113MEDIUMBruteforce Protection Bypass in Windu CMSEPSS 0.2%CVE-2025-7630MEDIUMOTP Password Brute Forcing in DorukNet's WispotterEPSS 0.2%CVE-2023-25820MEDIUMNextcloud Server and Enterprise Server missing brute force protection on password confirmation modalEPSS 0.2%CVE-2025-10928MEDIUMAccess code - Moderately critical - Access bypass - SA-CONTRIB-2025-108EPSS 0.2%CVE-2025-1629MEDIUMExcitel Broadband Private my Excitel App One-Time Password excessive authenticationEPSS 0.2%CVE-2021-36285MEDIUMDell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administratorEPSS 0.2%CVE-2021-36284MEDIUMDell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administratorEPSS 0.2%CVE-2026-22603MEDIUMOpenProject has no protection against brute-force attacks in the Change Password functionEPSS 0.2%CVE-2026-43926MEDIUMFOSSBilling's password reset confirmation endpoint lacks rate limitingEPSS 0.2%CVE-2025-47951MEDIUMWeblate lacks rate limiting when verifying second factorEPSS 0.2%CVE-2024-38888MEDIUMAn issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker toEPSS 0.2%CVE-2025-67090MEDIUMThe LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 VersionEPSS 0.2%