
CWE-799 (Improper Control of Interaction Frequency) — Vulnerability Class 44

44 vulnerabilities classified as CWE-799 (Improper Control of Interaction Frequency). AI Chinese analysis included.

CWE-799 represents a critical input validation weakness where software fails to restrict the rate or volume of interactions with external actors, whether human users or automated bots. Attackers typically exploit this vulnerability by flooding the system with rapid-fire requests, aiming to exhaust server resources and trigger a denial-of-service condition, or to bypass logical safeguards like rate-limited login attempts. To mitigate this risk, developers must implement robust rate-limiting mechanisms and throttling controls at both the application and network layers. By enforcing strict thresholds on request frequency, systems can effectively distinguish between legitimate traffic and malicious abuse, ensuring service availability and preserving the integrity of business logic against automated exploitation attempts.

MITRE CWE Description
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.
Common Consequences (1)
Scope: Availability, Access Control, Other
Impact: DoS: Resource Consumption (Other), Bypass Protection Mechanism, Other
Examples (1)
In the following code a username and password are read from a socket and an attempt is made to authenticate them. The code keeps reading the socket for a username and password until authentication succeeds, with no limit on the number of attempts.

    char username[USERNAME_SIZE];
    char password[PASSWORD_SIZE];
    int isValidUser = 0;
    /* No bound on attempts: the loop runs until a guess succeeds. */
    while (isValidUser == 0) {
        if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {
            if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {
                isValidUser = AuthenticateUser(username, password);
            }
        }
    }
    return(SUCCESS);

Bad · C

    char username[USERNAME_SIZE];
    char password[PASSWORD_SIZE];
    int isValidUser = 0;
    int count = 0;
    /* Every read of the socket counts as an attempt, so the loop ends after MAX_ATTEMPTS. */
    while ((isValidUser == 0) && (count < MAX_ATTEMPTS)) {
        if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {
            if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {
                isValidUser = AuthenticateUser(username, password);
            }
        }
        count++;
    }
    if (isValidUser) {
        return(SUCCESS);
    } else {
        return(FAIL);
    }

Good · C
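The MAX_ATTEMPTS counter above bounds one connection, but the throttling described in the overview has to survive across connections and be keyed to the actor, otherwise reconnecting resets the count. The following is an added example, not code from the CWE entry or from any product listed on this page: a per-actor fixed-window limiter with a lockout, wrapped around the same username/password check. The table size, the limits, the client keys and the check_password() stand-in for AuthenticateUser() are all constructed for illustration.

```c
/* Added example (not from the CWE entry or any listed product): a per-actor
 * fixed-window attempt limiter with lockout, applied to the CWE-799 login
 * loop. All limits, names and the check_password() stub are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RL_MAX_CLIENTS   16   /* tracking table size (constructed) */
#define RL_MAX_ATTEMPTS   5   /* attempts allowed per window (constructed) */
#define RL_WINDOW_SECS   60   /* length of the counting window (constructed) */
#define RL_LOCKOUT_SECS 300   /* lockout once the limit is exceeded (constructed) */

typedef struct {
    char    id[64];        /* actor key, e.g. a client address or account name */
    int     count;         /* attempts seen in the current window */
    int64_t window_start;  /* when the current window began (seconds) */
    int64_t locked_until;  /* no attempts are accepted before this time */
} rl_entry;

typedef struct {
    rl_entry entries[RL_MAX_CLIENTS];
    int      used;
} rate_limiter;

void rl_init(rate_limiter *rl) { memset(rl, 0, sizeof *rl); }

/* Find the actor's entry, creating it if there is room; NULL when the table is full. */
static rl_entry *rl_entry_for(rate_limiter *rl, const char *id, int64_t now) {
    for (int i = 0; i < rl->used; i++)
        if (strcmp(rl->entries[i].id, id) == 0) return &rl->entries[i];
    if (rl->used == RL_MAX_CLIENTS) return NULL;
    rl_entry *e = &rl->entries[rl->used++];
    snprintf(e->id, sizeof e->id, "%s", id);
    e->count = 0;
    e->window_start = now;
    e->locked_until = 0;
    return e;
}

/* Decide whether one more interaction from `id` at time `now` is allowed.
 * Every attempt is counted, successful or not, so the count cannot be reset
 * by interleaving a correct guess with a flood of wrong ones. */
bool rl_allow(rate_limiter *rl, const char *id, int64_t now) {
    rl_entry *e = rl_entry_for(rl, id, now);
    if (e == NULL) return false;                    /* table full: fail closed */
    if (now < e->locked_until) return false;        /* still locked out */
    if (now - e->window_start >= RL_WINDOW_SECS) {  /* window expired: start fresh */
        e->window_start = now;
        e->count = 0;
    }
    if (e->count >= RL_MAX_ATTEMPTS) {              /* limit reached: lock this actor out */
        e->locked_until = now + RL_LOCKOUT_SECS;
        return false;
    }
    e->count++;
    return true;
}

typedef enum { LOGIN_OK, LOGIN_BAD_CREDENTIALS, LOGIN_THROTTLED } login_result;

/* Constructed stand-in for AuthenticateUser(): one fixed credential pair. */
static bool check_password(const char *username, const char *password) {
    return strcmp(username, "alice") == 0 && strcmp(password, "correct-horse") == 0;
}

/* The CWE example's loop body with the limiter consulted before each attempt,
 * keyed by the client rather than by the current connection. */
login_result login_attempt(rate_limiter *rl, const char *client,
                           const char *username, const char *password, int64_t now) {
    if (!rl_allow(rl, client, now)) return LOGIN_THROTTLED;
    return check_password(username, password) ? LOGIN_OK : LOGIN_BAD_CREDENTIALS;
}

int main(void) {
    rate_limiter rl;
    rl_init(&rl);
    /* Constructed client key; eight wrong guesses one second apart. */
    for (int64_t t = 0; t < 8; t++) {
        login_result r = login_attempt(&rl, "203.0.113.7", "alice", "wrong", t);
        printf("t=%lld: %s\n", (long long)t,
               r == LOGIN_THROTTLED ? "throttled" : "bad credentials");
    }
    return 0;
}
```

Two design points the snippet makes visible: the limiter is consulted before the credential check, so a locked-out actor costs no password-hashing work, and the fixed table fails closed when full. In a deployment the table needs an eviction policy and the actor key needs care, since a per-account lockout that any remote party can trigger is itself a denial-of-service vector; keying on the connecting client, or combining client and account, limits that exposure.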
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-7402 | Improper Rate Limiting in MeWare Software's PDKS | PDKS | 8.1 | High | 2026-04-30
CVE-2026-41346 | OpenClaw 2026.2.26 < 2026.3.31 - Denial of Service via Improper Pending Pairing Request Cap Enforcement | OpenClaw | 5.3 | Medium | 2026-04-23
CVE-2026-41343 | OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency | OpenClaw | 5.3 | Medium | 2026-04-23
CVE-2026-41333 | OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken | OpenClaw | 3.7 | Low | 2026-04-23
CVE-2025-55268 | HCL Aftermarket DPC is affected by Spamming Vulnerability | Aftermarket DPC | 4.3 | Medium | 2026-03-26
CVE-2025-13212 | IBM Aspera Console Denial of Service | Aspera Console | 5.3 | Medium | 2026-03-13
CVE-2026-22216 | wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass | wpDiscuz | 6.5 | Medium | 2026-03-13
CVE-2026-30972 | Parse Server has a rate limit bypass via batch request endpoint | parse-server | 5.3 (AI) | Medium (AI) | 2026-03-10
CVE-2026-24017 | Fortinet FortiWeb security vulnerability | FortiWeb | 7.3 | High | 2026-03-10
CVE-2025-13211 | IBM Aspera Orchestrator Denial of Service | Aspera Orchestrator | 5.3 | Medium | 2025-12-11
CVE-2025-57816 | Fides Webserver API Rate Limiting Vulnerability in Proxied Environments | fides | 7.5 (AI) | High (AI) | 2025-09-08
CVE-2024-47065 | Traceroute_APP responses are not rate-limited. | firmware | 5.3 (AI) | Medium (AI) | 2025-07-11
CVE-2025-52880 | Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File | komga | 4.2 | Medium | 2025-06-24
CVE-2025-52570 | Letmein connection limiter allows an arbitrary amount of simultaneous connections | letmein | 6.5 (AI) | Medium (AI) | 2025-06-24
CVE-2025-48016 | Improper Control of Interaction Frequency | SEL-5056 Software-Defined Network Flow Controller | 4.3 | Medium | 2025-05-20
CVE-2025-32378 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse | shopware | 6.5 (AI) | Medium (AI) | 2025-04-09
CVE-2025-29998 | No Rate Limiting Vulnerability in CAP back office application | CAP back office application | 8.1 | - | 2025-03-13
CVE-2025-26524 | No Rate Limiting Vulnerability in RupeeWeb trading platform | RupeeWeb | 8.1 | - | 2025-02-14
CVE-2024-13274 | Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038 | Open Social | 9.8 | - | 2025-01-09
CVE-2024-51557 | No Rate Limiting Vulnerability in Wave 2.0 | Wave 2.0 | 8.1 (AI) | High (AI) | 2024-11-04
CVE-2024-47654 | No Rate Limiting vulnerability | Client Dashboard | 9.1 | - | 2024-10-04
CVE-2024-9199 | Rate limit vulnerability in Clibo Manager | Clibo Manager | 5.8 | Medium | 2024-09-26
CVE-2024-45788 | No Rate Limiting Vulnerability | Mutual Fund Distribution Product (aiM-Star) | 8.1 (AI) | High (AI) | 2024-09-11
CVE-2024-32943 | Westermo L210-F2G Lynx Improper Control of Interaction Frequency | L210-F2G Lynx | 7.5 | High | 2024-06-20
CVE-2024-35246 | Westermo L210-F2G Lynx Improper Control of Interaction Frequency | L210-F2G Lynx | 7.5 | High | 2024-06-20
CVE-2024-0094 | CVE | vGPU software and Cloud Gaming | 5.5 | Medium | 2024-06-13
CVE-2023-51544 | WordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability | RegistrationMagic | 5.3 | Medium | 2024-06-04
CVE-2023-40673 | WordPress Cartpauj Register Captcha plugin <= 1.0.02 - Captcha Bypass vulnerability | Cartpauj Register Captcha | 6.5 | Medium | 2024-06-04
CVE-2023-40332 | WordPress WP-PostRatings plugin <= 1.91 - Rating limit Bypass vulnerability | WP-PostRatings | 5.3 | Medium | 2024-06-04
CVE-2024-24873 | WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability | CP Polls | 5.3 | Medium | 2024-05-17

Vulnerabilities classified as CWE-799 (Improper Control of Interaction Frequency) represent 44 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.