CVE-2025-29998

HIGH Year: 2025
Weakness Type
CWE-799
View all →

Vulnerability Description

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.

Related Vulnerabilities

CVE-2023-40332

CRITICAL
CVSS:9.8(Critical)

Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.

CWE-7992023

CVE-2024-48942

CRITICAL
CVSS:9.1(Critical)

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidati...

CWE-7992024

CVE-2021-41177

HIGH
CVSS:8.1(High)

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any com...

CWE-7992021

CVE-2021-32705

HIGH
CVSS:7.5(High)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed ...

CWE-7992021

CVE-2023-35621

HIGH
CVSS:7.5(High)

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

CWE-7992023

CVE-2024-32943

HIGH
CVSS:7.5(High)

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.

CWE-7992024