Weaknesses of type CWE-307
411 results

CVE | Severity | Description | EPSS
CVE-2023-32320 | HIGH | Nextcloud Server's brute force protection allows someone to send more requests than intended | 0.9%
CVE-2023-35039 | CRITICAL | WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication | 0.9%
CVE-2022-32757 | HIGH | IBM Security Directory Suite VA information disclosure | 0.9%
CVE-2023-32074 | HIGH | Nextcloud user_oidc app is missing brute force protection | 0.9%
CVE-2024-21662 | HIGH | Argo CD vulnerable to Bypassing of Rate Limit and Brute Force Protection Using Cache Overflow | 0.8%
CVE-2022-24044 | — | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PX | 0.8%
CVE-2022-33106 | CRITICAL | WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password | 0.8%
CVE-2025-52392 | MEDIUM | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attack | 0.8%
CVE-2022-40055 | CRITICAL | An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login pa | 0.8%
CVE-2025-23368 | HIGH | Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli | 0.8%
CVE-2023-33759 | CRITICAL | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authenticatio | 0.8%
CVE-2025-3555 | MEDIUM | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | 0.8%
CVE-2025-3556 | MEDIUM | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | 0.8%
CVE-2024-55008 | HIGH | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users fr | 0.8%
CVE-2023-2531 | HIGH | Improper Restriction of Excessive Authentication Attempts in azuracast/azuracast | 0.8%
CVE-2022-45893 | HIGH | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing | 0.8%
CVE-2023-28847 | LOW | Nextcloud Server missing brute force protection for passwords of password protected share links | 0.8%
CVE-2023-6928 | CRITICAL | Improper Restriction of Excessive Authentication Attempts | 0.8%
CVE-2022-2525 | CRITICAL | Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web | 0.8%
CVE-2021-3412 | — | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login con | 0.8%