CWE-799
Improper Control of Interaction Frequency
Description
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Hierarchy (View 1000)
CVEs mapped to this weakness (39)
page 1 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7402 | Hig | 0.53 | 8.1 | 0.00 | Apr 30, 2026 | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||
| CVE-2025-29998 | — | Hig | 0.53 | — | 0.00 | Mar 13, 2025 | This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the… | |
| CVE-2026-5233 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250. | ||
| CVE-2024-8475 | Med | 0.42 | 6.5 | 0.00 | Dec 17, 2024 | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. | ||
| CVE-2023-40673 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2024 | : Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02. | ||
| CVE-2016-6543 | Med | 0.39 | 5.9 | 0.02 | Jul 13, 2018 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. | ||
| CVE-2024-0094 | Med | 0.36 | 5.5 | 0.00 | Jun 13, 2024 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service. | ||
| CVE-2025-12310 | — | Med | 0.34 | 5.3 | 0.00 | Oct 27, 2025 | A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can… | |
| CVE-2024-24873 | Med | 0.34 | 5.3 | 0.00 | May 17, 2024 | : Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71. | ||
| CVE-2024-34695 | Med | 0.34 | 6.3 | 0.01 | May 14, 2024 | WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts… | ||
| CVE-2025-26524 | — | Med | 0.33 | — | 0.00 | Feb 14, 2025 | This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to… | |
| CVE-2025-48016 | — | Med | 0.28 | 4.3 | 0.00 | May 20, 2025 | OpenFlow discovery protocol can exhaust resources because it is not rate limited | |
| CVE-2026-41346 | Med | 0.27 | 5.3 | 0.00 | Apr 23, 2026 | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on… | ||
| CVE-2026-41343 | Med | 0.27 | 5.3 | 0.00 | Apr 23, 2026 | OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust… | ||
| CVE-2026-10216 | Low | 0.24 | 3.7 | 0.00 | Jun 1, 2026 | A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The… | ||
| CVE-2026-7671 | Low | 0.24 | 3.7 | 0.01 | May 3, 2026 | A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from… | ||
| CVE-2026-2110 | Low | 0.24 | 3.7 | 0.01 | Feb 7, 2026 | A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication… | ||
| CVE-2026-1685 | Low | 0.24 | 3.7 | 0.01 | Jan 30, 2026 | A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is… | ||
| CVE-2025-12547 | Low | 0.24 | 3.7 | 0.01 | Oct 31, 2025 | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be… | ||
| CVE-2025-11441 | Low | 0.24 | 3.7 | 0.01 | Oct 8, 2025 | A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is… |
- risk 0.53cvss 8.1epss 0.00
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
- risk 0.53cvss —epss 0.00
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the…
- risk 0.46cvss 7.1epss 0.00
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
- risk 0.42cvss 6.5epss 0.00
Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5.
- risk 0.42cvss 6.5epss 0.00
: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.
- risk 0.39cvss 5.9epss 0.02
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
- risk 0.36cvss 5.5epss 0.00
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service.
- risk 0.34cvss 5.3epss 0.00
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can…
- risk 0.34cvss 5.3epss 0.00
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71.
- risk 0.34cvss 6.3epss 0.01
WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts…
- risk 0.33cvss —epss 0.00
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to…
- risk 0.28cvss 4.3epss 0.00
OpenFlow discovery protocol can exhaust resources because it is not rate limited
- risk 0.27cvss 5.3epss 0.00
OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on…
- risk 0.27cvss 5.3epss 0.00
OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust…
- risk 0.24cvss 3.7epss 0.00
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The…
- risk 0.24cvss 3.7epss 0.01
A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from…
- risk 0.24cvss 3.7epss 0.01
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication…
- risk 0.24cvss 3.7epss 0.01
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is…
- risk 0.24cvss 3.7epss 0.01
A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be…
- risk 0.24cvss 3.7epss 0.01
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is…