Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-305

CWE-305

Authentication Bypass by Primary Weakness

Parent: CWE-1390 - Weak Authentication

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

146 vulnerabilities with CWE-305

CVE-2026-25555 CRITICAL

OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header

CVE-2026-9798 MEDIUM

Keycloak: keycloak: brute-force protection bypass in ciba flow

CVE-2026-9047 HIGH

Devolutions Server < 2026.1.16.0 - Authentication Bypass by Primary Weakness

CVE-2026-41054 HIGH

Missing exit out of permission check in haveged could lead to root exploit

CVE-2026-6334 LOW

OAuth authorization code client binding not enforced during token redemption in Mattermost

CVE-2026-2652 HIGH

Authentication Bypass in mlflow/mlflow

CVE-2026-6266 HIGH

Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

CVE-2026-4670 CRITICAL

Improper Authentication vulnerability in Progress MOVEit Automation

CVE-2026-40582 CRITICAL

ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout

CVE-2026-33472 MEDIUM

Cryptomator 1.19.1 - OAuth Token Exchange HTTP Downgrade

CVE-2026-20152 MEDIUM

Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability

CVE-2026-33892 HIGH

Siemens Industrial Edge Management Pro V1 <V1.15.17 - Auth Bypass

CVE-2026-40039 MEDIUM

Pachno 1.0.6 Open Redirection via return_to Parameter

CVE-2026-33496 HIGH

Ory Oathkeeper <26.2.0 oauth2_introspection - Authentication Bypass

CVE-2026-3591 MEDIUM

BIND 9 - ACL Bypass via SIG(0) Use-After-Return

CVE-2026-30849 CRITICAL

MantisBT < 2.28.1 - Authentication Bypass via SOAP API Password Parameter

CVE-2026-32730 HIGH

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

CVE-2026-3784 MEDIUM

curl 7.7-8.18.0 - Authentication Bypass via HTTP Proxy Connection Reuse

CVE-2026-1965 MEDIUM

curl 7.10.6-8.19.0 - Authentication Bypass via Negotiate Connection Reuse

CVE-2026-3047 HIGH

Keycloak SAML Broker - Authentication Bypass via Disabled IdP-Initiated Client

CVE-2026-28536 CRITICAL

Device Authentication Module - Auth Bypass

CVE-2026-1713 MEDIUM

IBM MQ 9.1.0.0-9.4.4.1 - Privilege Escalation

CVE-2026-0869 HIGH

Brocade Active Support Connectivity Gateway 3.4.0 - Unauthenticated Authentication Bypass

CVE-2026-22153 HIGH

FortiOS 7.6.0-7.6.4 - Unauthenticated Authentication Bypass via LDAP Configuration

CVE-2026-1290 MEDIUM

Jamf Pro 11.20-11.24 - Authentication Bypass

Page 1 of 6 Next

Details

Vulnerabilities 146

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy