
CWE-302 (Authentication Bypass by Assumed-Immutable Data) — Vulnerability Class 28

28 vulnerabilities classified as CWE-302 (Authentication Bypass by Assumed-Immutable Data). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27840 | ZITADEL's truncated opaque tokens are still valid — zitadel | 4.3 | Medium | 2026-02-26 |
| CVE-2024-45370 | Socomec Easy Config System security vulnerability — Easy Config System | 7.3 | High | 2025-12-01 |
| CVE-2025-47158 | Azure DevOps Server Elevation of Privilege Vulnerability — Azure DevOps | 9.0 | Critical | 2025-07-18 |
| CVE-2025-20285 | Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability — Cisco Identity Services Engine Software | 4.1 | Medium | 2025-07-16 |
| CVE-2025-46647 | Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect — Apache APISIX | 7.5 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-29813 | Azure DevOps Elevation of Privilege Vulnerability — Azure DevOps | 10.0 | Critical | 2025-05-08 |
| CVE-2025-26522 | Authentication Bypass Vulnerability in RupeeWeb trading platform — RupeeWeb | 8.1 | - | 2025-02-14 |
| CVE-2024-56404 | One Identity Identity Manager security vulnerability — Identity Manager | 9.9 | Critical | 2025-01-24 |
| CVE-2024-12838 | Changing Information Technology CGFIDO - Authentication Bypass — CGFIDO | 8.8 | High | 2024-12-31 |
| CVE-2024-43441 | Apache HugeGraph-Server: Fixed JWT Token(Secret) — Apache HugeGraph-Server | 9.8 | - | 2024-12-24 |
| CVE-2024-8475 | Protection Mechanism Failure in Digital Operation Services' WiFiBurada — WiFiBurada | 6.5 | Medium | 2024-12-17 |
| CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability — airlift.microsoft.com | 7.3 | High | 2024-11-12 |
| CVE-2024-47086 | OTP Bypass Vulnerability — LD DP Back Office | 6.5 (AI) | Medium (AI) | 2024-09-19 |
| CVE-2024-3462 | Authorization bypass in Ant Media Server — Ant Media Server Community Edition | 5.3 | - | 2024-05-13 |
| CVE-2024-4024 | Authentication Bypass by Assumed-Immutable Data in GitLab — GitLab | 7.3 | High | 2024-04-25 |
| CVE-2024-22179 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data — Compact DAB Transmitter | 7.5 | High | 2024-04-18 |
| CVE-2024-3741 | Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data — Compact DAB Transmitter | 7.5 | High | 2024-04-18 |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core — typo3 | 4.2 | Medium | 2023-11-14 |
| CVE-2023-4612 | MFA bypass in Apereo CAS — CAS | 9.1 | - | 2023-11-09 |
| CVE-2023-4669 | Authentication Bypass in Exagate SYSGuard 3001 — SYSGuard 3001 | 9.8 | Critical | 2023-09-14 |
| CVE-2022-3875 | Click Studios Passwordstate API authentication bypass by assumed-immutable data — Passwordstate | 7.3 | High | 2022-12-19 |
| CVE-2022-40703 | AliveCor KardiaMobile authorization issue vulnerability — Kardia App | 5.2 | Medium | 2022-10-26 |
| CVE-2022-2503 | Linux Kernel LoadPin bypass via dm-verity table reload — Linux Kernel | 6.9 | Medium | 2022-08-12 |
| CVE-2022-22729 | Yokogawa Exaopc authorization issue vulnerability — CENTUM CS 3000 | 9.8 | - | 2022-03-11 |
| CVE-2021-1561 | Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability — Cisco Content Security Management Appliance (SMA) | 5.4 | Medium | 2021-08-18 |
| CVE-2021-1399 | Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability — Cisco Unified Communications Manager | 4.3 | Medium | 2021-04-08 |
| CVE-2020-15074 | OpenVPN code issue vulnerability — OpenVPN Access Server | 7.5 | - | 2020-07-14 |
| CVE-2016-9482 | PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass — Generator | 9.8 | - | 2018-07-13 |

28 CVEs are classified as CWE-302 (Authentication Bypass by Assumed-Immutable Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.