Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-305

CWE-305

Authentication Bypass by Primary Weakness

Parent: CWE-1390 - Weak Authentication

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

146 vulnerabilities with CWE-305

CVE-2024-7557 HIGH

Red Hat OpenShift AI - Authentication Bypass and Privilege Escalation via ServiceAccount Token Exposure

CVE-2024-4784 MEDIUM

GitLab EE <17.0.6-17.2.2 - Auth Bypass

CVE-2024-6637 HIGH

WooCommerce - Social Login <2.7.3 - Privilege Escalation

CVE-2024-38433 MEDIUM

Nuvoton NPCM7xx Firmware < 10.10.19 - Authentication Bypass and Arbitrary Code Execution via U-Boot Image Header

CVE-2024-39899 MEDIUM

PrivateBin 1.5.0-1.7.3 - Authentication Bypass via YOURLS Proxy URL Validation

CVE-2024-37085 MEDIUM KEV

VMware ESXi - Authentication Bypass via Recreated Active Directory Group

CVE-2024-36388 CRITICAL

MileSight DeviceHub - Info Disclosure

CVE-2024-34077 HIGH

MantisBT < 2.26.2 - Unauthenticated Account Takeover via Password Reset Token Reuse

CVE-2024-20378 HIGH

Cisco IP Phone 6821/6841/6851/6861/6871/7811 < 12.0.4 - Unauthenticated Information Disclosure

CVE-2024-3847 MEDIUM

Google Chrome <124.0.6367.60 - Auth Bypass

CVE-2024-1202 CRITICAL

XPodas Octopod < v1 - Authentication Bypass

CVE-2024-1403 CRITICAL

OpenEdge < 11.7.19 - Authentication Bypass via Credential Handling Failure

CVE-2024-20015 HIGH

Android - Local Privilege Escalation via Telephony Permissions Bypass

CVE-2024-20674 HIGH

Windows Kerberos - Privilege Escalation

CVE-2023-46611 MEDIUM

YOP Poll < 6.5.28 - Authentication Bypass via Broken CAPTCHA Control

CVE-2023-20154 CRITICAL

Cisco Modeling Labs 2.3-2.5.1 - Authentication Bypass via External Auth Server Message Handling

CVE-2023-41920 CRITICAL

Kiloview P1/P2 - Authentication Bypass via Hardcoded IP

CVE-2023-4727 HIGH

Red Hat Certificate System 10.4 EUS for RHEL-8 - Authentication Bypass via LDAP Injection

CVE-2023-6153 CRITICAL

TeoSOFT Software TeoBASE <20240327 - Auth Bypass

CVE-2023-7103 CRITICAL

ZKSoftware UFace 5 <= 12022024 - Authentication Bypass

CVE-2023-6998 HIGH

CoolKit Technology eWeLink <5.2.0 - Privilege Escalation

CVE-2023-4939 MEDIUM

SALESmanago < 3.2.4 - Unauthenticated Log Injection via Weak Callback API Token

CVE-2023-4501 CRITICAL

OpenText (Micro Focus) Visual COBOL <9.0 - Auth Bypass

CVE-2023-4898 HIGH

mintplex-labs/anything-llm <0.0.1 - Auth Bypass

CVE-2023-36497 HIGH

Dover Fueling Solutions MAGLINK LX Web Console Configuration <3.3 -...

Previous Page 4 of 6 Next

Details

Vulnerabilities 146

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy