CWE-289 (Authentication Bypass by Alternate Name) — Vulnerability Class 21

21 vulnerabilities classified as CWE-289 (Authentication Bypass by Alternate Name). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3184 | Util-linux: util-linux: access control bypass due to improper hostname canonicalization — Red Hat Hardened Images | 3.7 | Low | 2026-04-03 |
| CVE-2026-32036 | OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels — OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-23903 | Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems — Apache Shiro | 7.5 | - | 2026-02-09 |
| CVE-2026-24058 | Soft Serve has Critical Authentication Bypass — soft-serve | 8.1 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-14777 | Keycloak: keycloak idor in realm client creating/deleting — Red Hat build of Keycloak 26.4 | 6.0 | Medium | 2025-12-16 |
| CVE-2025-13613 | Elated Membership <= 1.2 - Authentication Bypass via Social Login — Elated Membership | 9.8 | Critical | 2025-12-10 |
| CVE-2025-64521 | authentik deactivated service accounts can authenticate to OAuth — authentik | 4.8 | Medium | 2025-11-19 |
| CVE-2025-64343 | (conda) Constructor: Excessive permissions during and after installation — constructor | 7.8 | High | 2025-11-07 |
| CVE-2025-8415 | Cryostat: authentication bypass if network policies are disabled — Cryostat | 5.9 | Medium | 2025-08-20 |
| CVE-2025-29266 | Unraid security vulnerability — Unraid | 9.6 | Critical | 2025-03-31 |
| CVE-2024-11283 | WP JobHunt <= 7.1 - Authentication Bypass to Candidate — WP JobHunt | 7.5 | High | 2025-03-14 |
| CVE-2024-56511 | DataEase has an unauthorized vulnerability — dataease | 9.1 | - | 2025-01-10 |
| CVE-2024-2098 | Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary — Download Manager | 7.5 | High | 2024-06-13 |
| CVE-2023-51663 | Hail authentication can be bypassed by changing email address — hail | 5.3 | Medium | 2023-12-29 |
| CVE-2023-41890 | Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation — Saml2 | 7.5 | High | 2023-09-19 |
| CVE-2023-3263 | Dataprobe authorization issue vulnerability — iBoot PDU | 7.5 | High | 2023-08-14 |
| CVE-2023-38487 | HedgeDoc API allows to hide existing notes — hedgedoc | 6.5 | Medium | 2023-08-04 |
| CVE-2023-20046 | Cisco StarOS security vulnerability — Cisco ASR 5000 Series Software | 8.8 | High | 2023-05-09 |
| CVE-2023-1803 | Authentication Bypass in Redline Router — Redline Router | 9.8 | Critical | 2023-04-14 |
| CVE-2021-34746 | Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability — Cisco Enterprise NFV Infrastructure Software | 9.8 | Critical | 2021-09-02 |
| CVE-2017-16590 | Netgain Enterprise Manager security vulnerability — NetGain Systems Enterprise Manager | 8.8 | - | 2018-01-23 |

Vulnerabilities classified as CWE-289 (Authentication Bypass by Alternate Name) represent 21 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.