VYPR

CWE-799

Improper Control of Interaction Frequency

Class | Incomplete

Description

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (39)

page 1 of 2
  • CVE-2026-7402 | High | Apr 30, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

  • CVE-2025-29998 | High | Mar 13, 2025
    risk 0.53 | cvss | epss 0.00

    This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to the…

  • CVE-2026-5233 | High | Jun 15, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

  • CVE-2024-8475 | Medium | Dec 17, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5.

  • CVE-2023-40673 | Medium | Jun 4, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.

  • CVE-2016-6543 | Medium | Jul 13, 2018
    risk 0.39 | cvss 5.9 | epss 0.02

    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.

  • CVE-2024-0094 | Medium | Jun 13, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where an untrusted guest VM can cause improper control of the interaction frequency in the host. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2025-12310 | Medium | Oct 27, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can…

  • CVE-2024-24873 | Medium | May 17, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding. This issue affects CP Polls: from n/a through 1.0.71.

  • CVE-2024-34695 | Medium | May 14, 2024
    risk 0.34 | cvss 6.3 | epss 0.01

    WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts…

  • CVE-2025-26524 | Medium | Feb 14, 2025
    risk 0.33 | cvss | epss 0.00

    This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoints, which could lead to…

  • CVE-2025-48016 | Medium | May 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    OpenFlow discovery protocol can exhaust resources because it is not rate limited

  • CVE-2026-41346 | Medium | Apr 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on…

  • CVE-2026-41343 | Medium | Apr 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust…

  • CVE-2026-10216 | Low | Jun 1, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The…

  • CVE-2026-7671 | Low | May 3, 2026
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from…

  • CVE-2026-2110 | Low | Feb 7, 2026
    risk 0.24 | cvss 3.7 | epss 0.01

    A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication…

  • CVE-2026-1685 | Low | Jan 30, 2026
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is…

  • CVE-2025-12547 | Low | Oct 31, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be…

  • CVE-2025-11441 | Low | Oct 8, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is…