CVE-2024-34695

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-799
View all →

Vulnerability Description

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1.

Related Vulnerabilities

CVE-2024-57603

MEDIUM
CVSS:6.3(Medium)

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

CWE-7992024

CVE-2020-5141

MEDIUM
CVSS:6.5(Medium)

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5...

CWE-7992020

CVE-2023-27279

MEDIUM
CVSS:6.5(Medium)

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.

CWE-7992023

CVE-2023-40673

MEDIUM
CVSS:6.5(Medium)

: Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse.This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.

CWE-7992023

CVE-2024-51557

HIGH
CVSS:6.5(Medium)

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP req...

CWE-7992024

CVE-2016-6543

MEDIUM
CVSS:5.9(Medium)

A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.

CWE-7992016