The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
138 vulnerabilities with CWE-305
CVE-2025-27370 | MEDIUM | CVSS 6.9 | OpenID Connect Core <1.0 - Command Injection
CVE-2025-23017 | MEDIUM | CVSS 6.0 | WorkOS Hosted AuthKit <2025-01-07 - Auth Bypass
CVE-2024-49587 | CRITICAL | CVSS 9.1 | Glutton V1 - Info Disclosure
CVE-2024-12776 | HIGH | CVSS 8.1 | langgenius/dify <0.10.1 - RCE
CVE-2024-12054 | MEDIUM | CVSS 5.4 | ZF RSSPlus - Auth Bypass
CVE-2024-42513 | MEDIUM | CVSS 5.3 | OPC UA .NET Standard Stack <1.5.374.158 - Auth Bypass
CVE-2024-51738 | HIGH | CVSS 8.1 | Sunshine <0.23.1 - MITM
CVE-2024-12802 | CRITICAL | CVSS 9.1 | SonicWALL SSL-VPN - MFA Bypass
CVE-2024-12582 | HIGH | CVSS 7.1 | Skupper Console - Info Disclosure
CVE-2024-10394 | HIGH | CVSS 7.8 | OpenAFS - Privilege Escalation
CVE-2024-10082 | HIGH | CVSS 8.7 | CodeChecker <6.24.1 - Privilege Escalation
CVE-2024-50478 | CRITICAL | CVSS 9.8 | Swoopnow 1-click Login - Authentication Bypass
CVE-2024-9683 | MEDIUM | CVSS 4.8 | Quay - Auth Bypass
CVE-2024-20463 | MEDIUM | CVSS 5.4 | Cisco ATA 190 Series - Unauthenticated RCE
CVE-2024-8642 | HIGH | CVSS 8.1 | Eclipse Dataspace Components <0.9.0 - Auth Bypass
CVE-2024-5957 | MEDIUM | CVSS 6.3 | Manager - Auth Bypass
CVE-2024-5956 | MEDIUM | CVSS 6.5 | Trellix IPS Manager - Auth Bypass
CVE-2024-7557 | HIGH | CVSS 8.8 | Redhat Openshift AI - Improper Access Control
CVE-2024-4784 | MEDIUM | CVSS 4.2 | GitLab EE <17.0.6-17.2.2 - Auth Bypass
CVE-2024-6637 | HIGH | CVSS 7.3 | WooCommerce - Social Login <2.7.3 - Privilege Escalation
CVE-2024-38433 | MEDIUM | CVSS 6.7 | Nuvoton - Authentication Bypass
CVE-2024-39899 | MEDIUM | CVSS 5.3 | PrivateBin v1.5 - SSRF
CVE-2024-37085 | MEDIUM | CVSS 6.8 | KEV | Vmware Esxi < 5.2 - Authentication Bypass
CVE-2024-36388 | CRITICAL | CVSS 10.0 | MileSight DeviceHub - Info Disclosure
CVE-2024-34077 | HIGH | CVSS 7.3 | MantisBT - Privilege Escalation