QSearchQSearch

CVE-2021-3663

7.5 HIGH

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

Published: 2021-07-25 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-307

Affected products

VendorProduct
firefly-iiifirefly_iii

Description

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-3901 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) (8.8 HIGH)
  • CVE-2021-3900 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) (6.5 MEDIUM)
  • CVE-2021-3851 firefly-iii is vulnerable to URL Redirection to Untrusted Site (5.4 MEDIUM)
  • CVE-2021-3846 firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type (8.8 HIGH)
  • CVE-2021-3819 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) (8.8 HIGH)

Same CWE

  • CVE-2026-6853 Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd (9.8 CRITICAL)
  • CVE-2026-3329 A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository v...
  • CVE-2026-43926 FOSSBilling is a free, open-source billing and client management system
  • CVE-2026-36612 Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 1... (6.4 MEDIUM)
  • CVE-2026-36607 Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change e... (8.8 HIGH)