CWE-837 — Vulnerability Class

14 vulnerabilities classified as CWE-837. AI Chinese analysis included.

CWE-837 describes a logic flaw in which an application fails to restrict an actor from performing a specific action more than once. The weakness typically shows up in operations that are meant to be single-use, such as online voting, refund requests, or digital purchases. An attacker exploits it by submitting the same request repeatedly, often with an automated script or by replaying or altering network traffic to get past client-side checks. The result can be direct financial loss, corrupted data, or denial of service. The mitigation is server-side validation that tracks a unique identifier for each transaction: by keeping a persistent record (for example a database row) of every completed action, the system can reject duplicate submissions and keep critical operations strictly single-use regardless of client behavior. The check and the record must be made atomically, for instance through a database unique constraint, since otherwise concurrent submissions can all pass the check before any of them has been recorded.

MITRE CWE Description
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to "stuff the ballot box" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the product.
Common Consequences (1)
Scope: Other. Impact: Varies by Context.
An attacker might be able to gain advantage over other users by performing the action multiple times, or affect the correctness of the product.
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-44601 | Tor security vulnerability | Tor | 3.7 | Low | 2026-05-07
CVE-2025-62784 | InventoryGui allows item duplication in GUIs which use GuiStorageElement | InventoryGui | 4.3 (AI) | Medium (AI) | 2025-10-27
CVE-2025-62783 | InventoryGui affected by item duplication in GUIs which use GuiStorageElement | InventoryGui | 5.0 | Medium | 2025-10-27
CVE-2025-62782 | InventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement | InventoryGui | 4.3 (AI) | Medium (AI) | 2025-10-27
CVE-2025-54315 | Matrix security vulnerability | Matrix specification | 7.1 | High | 2025-10-02
CVE-2025-58135 | Zoom Workplace Clients for Windows - Improper Action Enforcement | Zoom Workplace Clients for Windows | 5.3 | Medium | 2025-09-09
CVE-2024-11301 | Improper Enforcement of Unique Constraint in lunary-ai/lunary | lunary-ai/lunary | 8.2 | - | 2025-03-20
CVE-2024-11717 | CTFd security vulnerability | CTFd | 9.8 | - | 2025-01-02
CVE-2024-11716 | CTFd security vulnerability | CTFd | 4.3 | - | 2025-01-02
CVE-2024-4629 | Keycloak: potential bypass of brute force protection | Keycloak | 6.5 | Medium | 2024-09-03
CVE-2023-6759 | Thecosy IceCMS Love resource improper enforcement of a single, unique action | IceCMS | 5.3 | Medium | 2023-12-13
CVE-2023-6467 | Thecosy IceCMS Comment Like improper enforcement of a single, unique action | IceCMS | 3.1 | Low | 2023-12-02
CVE-2023-6438 | Thecosy IceCMS Like improper enforcement of a single, unique action | IceCMS | 4.3 | Medium | 2023-11-30
CVE-2023-5313 | phpkobo Ajax Poll Script ajax-poll.php improper enforcement of a single, unique action | Ajax Poll Script | 5.3 | Medium | 2023-09-30

"(AI)" marks a score or severity that the original page flags as AI-estimated rather than taken from the CVE record; "-" means no severity is given.

Vulnerabilities classified as CWE-837 represent 14 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.