CVEs classified under CWE-799, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2025-54321 — CVSS 9.8 (critical): In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing…
CVE-2025-29998: This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An…
CVE-2026-7402 — CVSS 8.1 (high): Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS…
CVE-2026-24017 — CVSS 8.1 (high): An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0…
CVE-2021-41177 — CVSS 8.1 (high): Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not…
CVE-2026-30972 — CVSS 7.5 (high): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23…
CVE-2025-57816 — CVSS 7.5 (high): Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is…
CVE-2024-47654 — CVSS 7.5 (high): This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API…
CVE-2024-45788 — CVSS 7.5 (high): This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An…
CVE-2024-35246 — CVSS 7.5 (high): An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
CVE-2024-32943 — CVSS 7.5 (high): An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
CVE-2026-5233 — CVSS 7.1 (high): Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy…
CVE-2026-22216 — CVSS 6.5 (medium): wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email…
CVE-2024-47065 — CVSS 6.5 (medium): Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited…
CVE-2023-40673 — CVSS 6.5 (medium): : Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue…
CVE-2023-27279 — CVSS 6.5 (medium): IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID…
CVE-2024-57603 — CVSS 6.3 (medium): An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.
CVE-2024-34695 — CVSS 6.3 (medium): WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation…
CVE-2024-48942 — CVSS 5.9 (medium): The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the…
CVE-2024-9199 — CVSS 5.8 (medium): Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short…
CVE-2024-0094 — CVSS 5.5 (medium): NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control…
CVE-2026-41346 — CVSS 5.3 (medium): OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to…
CVE-2026-41343 — CVSS 5.3 (medium): OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient…
CVE-2025-13212 — CVSS 5.3 (medium): IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper…
CVE-2025-13211 — CVSS 5.3 (medium): IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to…
CVE-2025-32378 — CVSS 5.3 (medium): Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for…
CVE-2024-13274 — CVSS 5.3 (medium): Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social…
CVE-2023-51544 — CVSS 5.3 (medium): Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects…
CVE-2024-24873 — CVSS 5.3 (medium): : Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a…
CVE-2021-32741 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2025-26524: This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An…
CVE-2025-55268 — CVSS 4.3 (medium): HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and…
CVE-2021-37191 — CVSS 4.3 (medium): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same…
CVE-2025-52880 — CVSS 4.2 (medium): Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in…
CVE-2026-41333 — CVSS 3.7 (low): OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared…
CVE-2023-2758 — CVSS 3.7 (low): A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in…
CVE-2021-37910 — CVSS 3.7 (low): ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an…