Description
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.
Extended Description
In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to "stuff the ballot box" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the product.
CVE vulnerabilities with CWE-837 (16)
8.1
CVSS
HIGH
CVE-2026-42609
pub. 2026-05-11
7.1
CVSS
HIGH
CVE-2025-54315
pub. 2025-10-02
6.5
CVSS
MEDIUM
CVE-2024-11301
pub. 2025-03-20
6.5
CVSS
MEDIUM
CVE-2024-4629
pub. 2024-09-03
6.3
CVSS
MEDIUM
CVE-2024-11717
pub. 2025-01-02
5.9
CVSS
MEDIUM
CVE-2025-62782
pub. 2025-10-27
5.3
CVSS
MEDIUM
CVE-2025-62784
pub. 2025-10-27
5.3
CVSS
MEDIUM
CVE-2025-58135
pub. 2025-09-09
5.3
CVSS
MEDIUM
CVE-2024-11716
pub. 2025-01-02
5.3
CVSS
MEDIUM
CVE-2024-12123
pub. 2024-12-04
5.3
CVSS
MEDIUM
CVE-2023-6759
pub. 2023-12-13
5.3
CVSS
MEDIUM
CVE-2023-5313
pub. 2023-09-30
5.0
CVSS
MEDIUM
CVE-2025-62783
pub. 2025-10-27
4.3
CVSS
MEDIUM
CVE-2023-6438
pub. 2023-11-30
3.7
CVSS
LOW
CVE-2026-44601
pub. 2026-05-07
3.1
CVSS
LOW
CVE-2023-6467
pub. 2023-12-02