CWE-307 (Improper Restriction of Excessive Authentication Attempts) — Vulnerability Class 327

327 vulnerabilities classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6947 | D-Link\|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass — DWM-222W | 7.5 | High | 2026-04-24 |
| CVE-2026-41213 | @node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes — node-oauth2-server | 5.9 | Medium | 2026-04-23 |
| CVE-2026-40586 | blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection — blueprintue-self-hosted-edition | 7.5 | High | 2026-04-21 |
| CVE-2025-14362 | GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances — GoAnywhere MFT | 7.3 | High | 2026-04-21 |
| CVE-2026-41037 | Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470 — Router QN-I-470 | 8.8 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40485 | ChurchCRM: Username Enumeration via Differential Response in Public Login API — CRM | 5.3 | Medium | 2026-04-17 |
| CVE-2025-46606 | Dell PowerProtect Data Domain security vulnerability — PowerProtect Data Domain | 6.2 | Medium | 2026-04-17 |
| CVE-2026-22616 | Eaton Intelligent Power Protector security vulnerability — IPP Software | 6.5 | Medium | 2026-04-16 |
| CVE-2026-33667 | OpenProject: 2FA OTP Verification Missing Rate Limiting — openproject | 7.4 | High | 2026-04-15 |
| CVE-2026-2402 | Schneider Electric PowerChute Serial Shutdown security vulnerability — PowerChute™ Serial Shutdown | 9.8 | - | 2026-04-14 |
| CVE-2025-31991 | HCL DevOps Velocity is susceptible to brute-force attacks — Velocity | 6.8 | Medium | 2026-04-13 |
| CVE-2026-35597 | Vikunja Affected by TOTP Brute-Force Due to Non-Functional Account Lockout — vikunja | 5.9 | Medium | 2026-04-10 |
| CVE-2026-35646 | OpenClaw < 2026.3.25 - Pre-Authentication Rate-Limit Bypass in Webhook Token Validation — OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-35628 | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Telegram Webhook Rate Limiting — OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-35623 | OpenClaw < 2026.3.25 - Brute-Force Attack via Missing Webhook Password Rate Limiting — OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-33580 | OpenClaw < 2026.3.28 - Brute Force Attack via Missing Rate Limiting on Webhook Shared Secret Authentication — OpenClaw | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34505 | OpenClaw < 2026.3.12 - Webhook Rate Limiting Bypass via Pre-Authentication Secret Validation — OpenClaw | 6.5 | Medium | 2026-03-31 |
| CVE-2026-33879 | FLIP doesn't have rate limiting or brute-force protection on login — FLIP | 9.8 | - | 2026-03-27 |
| CVE-2026-33763 | AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle — AVideo | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33935 | MyTube has Unauthenticated Account Lockout via Shared Login Attempt State — MyTube | - | - | 2026-03-27 |
| CVE-2026-33640 | Outline has a rate limit bypass that allows brute force of email login OTP — outline | 9.1 | - | 2026-03-26 |
| CVE-2026-33152 | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication — recipes | 9.1 | Critical | 2026-03-26 |
| CVE-2026-31851 | Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+ — Nebula 300+ | 9.8 | - | 2026-03-23 |
| CVE-2026-31903 | IGL-Technologies eParking.fi Improper Restriction of Excessive Authentication Attempts — eParking.fi | 7.5 | High | 2026-03-20 |
| CVE-2026-31904 | CTEK Chargeportal Improper Restriction of Excessive Authentication Attempts — Chargeportal | 7.5 | High | 2026-03-20 |
| CVE-2026-32025 | OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass — OpenClaw | 7.5 | High | 2026-03-19 |
| CVE-2026-32295 | JetKVM insufficient login rate limiting — JetKVM | 7.5 | High | 2026-03-17 |
| CVE-2026-32292 | GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting — Comet KVM | 7.5 | High | 2026-03-17 |
| CVE-2025-69246 | Lack of bruteforce protection in Raytha CMS — Raytha | 9.1 | - | 2026-03-16 |
| CVE-2026-32729 | Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp` — runtipi | 8.1 | High | 2026-03-13 |

327 CVEs are classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.