CWE-307: Improper Restriction of Excessive Authentication Attempts

Summary
  Total CVEs: 176
  Critical:   69
  High:       71
  Avg CVSS:   8.1

Yearly Trend (CVEs per year)
  2026: 14
  2025: 57
  2024: 36
  2023: 33
  2022: 9

Top Affected Vendors (CVE count)
  1. IBM                 9
  2. Dell                7
  3. Siemens             4
  4. Nextcloud           4
  5. Fortinet            3
  6. Schneider Electric  3
  7. Endress             3
  8. GL.iNet             3
  9. Moodle              2
 10. D-Link              2

All CWE-307 CVEs (176 total; the 50 highest-scored are listed below as CVE ID | CVSS | date)

CVE-2021-25309 | CVSS 9.8 | Mar 2, 2021
  This vulnerability allows remote attackers to brute-force the administrative telnet service on Gigaset DX600A handsets due to no lockout/throttling an...

CVE-2021-27514 | CVSS 9.8 | Feb 22, 2021
  CVE-2021-27514 is an authentication bypass vulnerability in EyesOfNetwork where short, predictable session IDs (8-10 digits) can be brute-forced. This...

CVE-2020-35565 | CVSS 9.8 | Feb 16, 2021
  CVE-2020-35565 is a critical authentication vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software where brute-force protection is di...

CVE-2020-25196 | CVSS 9.8 | Dec 23, 2020
  The built-in WEB server in MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions that can be brute-forced to bypass authent...

CVE-2020-35590 | CVSS 9.8 | Dec 21, 2020
  This vulnerability allows attackers to bypass rate limiting in the WordPress Limit Login Attempts Reloaded plugin by forging the X-Forwarded-For heade...

CVE-2020-28212 | CVSS 9.8 | Nov 19, 2020
  This vulnerability allows attackers to perform brute force attacks against the PLC Simulator in EcoStruxure Control Expert (Unity Pro) via Modbus prot...

CVE-2020-15906 | CVSS 9.8 | Oct 22, 2020
  This vulnerability in Tiki Wiki CMS Groupware allows attackers to bypass authentication by resetting the admin password to blank after 50 failed login...

CVE-2020-15786 | CVSS 9.8 | Sep 9, 2020
  This vulnerability allows remote attackers to perform brute-force attacks against SIMATIC HMI panels due to insufficient authentication attempt blocki...

CVE-2025-4319 | CVSS 9.4 | Jan 23, 2026
  This vulnerability allows attackers to perform brute force attacks against user accounts and exploit weak password recovery mechanisms in Birebirsoft ...

CVE-2025-4383 | CVSS 9.3 | Jun 24, 2025
  This vulnerability allows attackers to bypass authentication or perform credential brute-forcing on Art-in Bilişim's Wi-Fi Cloud Hotspot systems due ...

CVE-2024-9832 | CVSS 9.3 | Nov 14, 2024
  This vulnerability allows attackers to brute-force clinician passwords on medical ventilators due to unlimited failed login attempts. Successful explo...

CVE-2025-1928 | CVSS 9.1 | Dec 19, 2025
  This vulnerability allows attackers to bypass password recovery rate limiting in Restajet's Online Food Delivery System, enabling brute-force attacks ...

CVE-2025-48187 | CVSS 9.1 | May 17, 2025
  CVE-2025-48187 allows attackers to brute-force 6-digit email verification codes in RAGFlow to register accounts, log in, or reset passwords without ra...

CVE-2024-48143 | CVSS 9.1 | Oct 24, 2024
  CVE-2024-48143 is a critical authentication bypass vulnerability in Digitory Multi Channel Integrated POS v1.0 that allows attackers to brute-force OT...

CVE-2024-24767 | CVSS 9.1 | Mar 6, 2024
  CVE-2024-24767 is a critical authentication vulnerability in CasaOS-UserService that allows attackers to perform unlimited password brute force attack...

CVE-2024-22317 | CVSS 9.1 | Jan 18, 2024
  This vulnerability in IBM App Connect Enterprise allows remote attackers to bypass authentication rate limiting, potentially enabling brute-force atta...

CVE-2023-27172 | CVSS 9.1 | Dec 20, 2023
  Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens, allowing attackers to brute-force the key and forge valid tokens. This af...

CVE-2023-5754 | CVSS 9.1 | Oct 26, 2023
  CVE-2023-5754 allows attackers to gain full administrative control of Sielco PolyEco1000 systems by exploiting weak default credentials through remote...

CVE-2022-36413 | CVSS 9.1 | Mar 23, 2023
  This vulnerability in Zoho ManageEngine ADSelfService Plus allows attackers to perform brute-force attacks against password reset functionality for ID...

CVE-2023-35172 | CVSS 8.7 | Jun 23, 2023
  This vulnerability allows attackers to brute-force password reset links in NextCloud Server and NextCloud Enterprise Server, potentially enabling unau...

CVE-2023-32320 | CVSS 8.7 | Jun 22, 2023
  This vulnerability in Nextcloud Server allows attackers to bypass rate limiting protections by sending parallel requests, enabling brute-force attacks...

CVE-2025-2417 | CVSS 8.6 | Sep 4, 2025
  This vulnerability allows attackers to bypass authentication in Akinsoft e-Mutabakat software by exploiting insufficient rate limiting on login attemp...

CVE-2025-2413 | CVSS 8.6 | Sep 2, 2025
  This vulnerability allows attackers to bypass authentication in Akinsoft ProKuafor software by exploiting excessive authentication attempts. It affect...

CVE-2025-2414 | CVSS 8.6 | Sep 2, 2025
  This vulnerability allows attackers to bypass authentication in Akinsoft OctoCloud by exploiting improper rate limiting on login attempts. Attackers c...

CVE-2025-2412 | CVSS 8.6 | Sep 1, 2025
  This vulnerability allows attackers to bypass authentication in Akinsoft QR Menu by exploiting improper rate limiting on login attempts. Attackers can...

CVE-2022-45790 | CVSS 8.6 | Jan 22, 2024
  CVE-2022-45790 is an authentication bypass vulnerability in Omron's FINS protocol that allows brute-force attacks to access protected memory regions. ...

CVE-2023-3548 | CVSS 8.3 | Jul 25, 2023
  This vulnerability allows unauthorized users to gain account access to IQ Wifi 6 devices by conducting brute force authentication attacks. Attackers c...

CVE-2026-22278 | CVSS 8.1 | Jan 22, 2026
  Dell PowerScale OneFS versions before 9.13.0.0 have a vulnerability where attackers can bypass authentication rate limiting. Unauthenticated remote at...

CVE-2025-66204 | CVSS 8.1 | Dec 9, 2025
  WBCE CMS version 1.6.4 has a brute-force protection bypass vulnerability where attackers can modify the X-Forwarded-For header to reset login attempt ...

CVE-2025-12995 | CVSS 8.1 | Dec 4, 2025
  Medtronic CareLink Network has an API endpoint vulnerable to unauthenticated brute force attacks, allowing attackers to potentially discover valid pas...

CVE-2025-46414 | CVSS 8.1 | Aug 8, 2025
  This vulnerability allows attackers to brute-force PIN codes for registered products when they have a valid device serial number, potentially gaining ...

CVE-2024-12039 | CVSS 8.1 | Mar 20, 2025
  This vulnerability allows unauthenticated attackers to reset passwords for any user, including administrators, by brute-forcing a six-digit reset code...

CVE-2025-23368 | CVSS 8.1 | Mar 4, 2025
  This vulnerability in WildFly Elytron integration allows attackers to perform brute force attacks against CLI authentication due to insufficient rate ...

CVE-2024-23106 | CVSS 8.1 | Jan 14, 2025
  This vulnerability allows unauthenticated attackers to perform brute force attacks against the FortiClientEMS console by sending excessive authenticat...

CVE-2023-50123 | CVSS 8.1 | Jan 11, 2024
  CVE-2023-50123 allows attackers to brute force SMS authentication on the Hozard Alarm system v1.0 due to unlimited disarming attempts. This could let ...

CVE-2022-42478 | CVSS 8.1 | Jun 13, 2023
  CVE-2022-42478 is an authentication brute force vulnerability in FortiSIEM that allows non-privileged users to perform unlimited authentication attemp...

CVE-2023-32319 | CVSS 8.1 | May 26, 2023
  This vulnerability allows attackers to brute-force user credentials on Nextcloud servers via WebDAV endpoints when basic authentication is used and th...

CVE-2022-31234 | CVSS 8.1 | Jul 21, 2022
  Dell EMC PowerStore Manager GUI has an authentication rate limiting vulnerability that allows unauthenticated remote attackers to perform password bru...

CVE-2022-22561 | CVSS 8.1 | Apr 12, 2022
  Dell PowerScale OneFS versions 8.2.x through 9.3.0.x have an authentication rate limiting vulnerability that allows unauthenticated remote attackers t...

CVE-2022-22553 | CVSS 8.1 | Jan 21, 2022
  Dell EMC AppSync versions 3.9 to 4.3 have an authentication rate limiting vulnerability that allows adjacent unauthenticated attackers to perform pass...

CVE-2025-54860 | CVSS 7.7 | Sep 18, 2025
  CVE-2025-54860 is a denial-of-service vulnerability in Cognex In-Sight Explorer and In-Sight Camera Firmware where improper handling of telnet login f...

CVE-2024-49597 | CVSS 7.6 | Nov 26, 2024
  Dell Wyse Management Suite versions 4.4 and earlier have a vulnerability where attackers with high privileges and remote access can bypass protection ...

CVE-2026-24696 | CVSS 7.5 | Mar 6, 2026
  This vulnerability allows attackers to bypass rate limiting on WebSocket authentication requests, enabling denial-of-service attacks that disrupt legi...

CVE-2026-27778 | CVSS 7.5 | Mar 6, 2026
  This CVE describes a WebSocket API vulnerability where missing rate limiting on authentication requests allows attackers to conduct denial-of-service ...

CVE-2026-27521 | CVSS 7.5 | Feb 24, 2026
  This vulnerability in Binardat 10G08-0800GSM network switches allows attackers to perform brute-force attacks against login credentials due to missing...

CVE-2025-67853 | CVSS 7.5 | Feb 3, 2026
  This vulnerability in Moodle allows remote attackers to bypass rate limiting on confirmation email services, enabling brute-force attacks against user...

CVE-2025-53968 | CVSS 7.5 | Jan 22, 2026
  This vulnerability allows attackers to perform unlimited authentication attempts, enabling brute-force attacks to gain unauthorized access and causing...

CVE-2025-59113 | CVSS 7.5 | Nov 18, 2025
  Windu CMS version 4.1 has weak client-side brute-force protection that stores login attempt information in a client-side parameter instead of server-s...

CVE-2025-62399 | CVSS 7.5 | Oct 23, 2025
  CVE-2025-62399 allows attackers to perform brute-force attacks against Moodle's mobile and web service authentication endpoints due to insufficient ra...

CVE-2025-35041 | CVSS 7.5 | Sep 22, 2025
  Airship AI Acropolis has a vulnerability that allows unlimited MFA code attempts for 15 minutes after successful login. Attackers with valid credentia...

About CWE-307

Our database tracks 176 CVEs classified as CWE-307, with 69 rated critical and 71 rated high severity. The average CVSS score for CWE-307 vulnerabilities is 8.1.

External reference: CWE-307 on MITRE CWE (https://cwe.mitre.org/data/definitions/307.html)
