CWE-303 (Incorrect Implementation of Authentication Algorithm) — Vulnerability Class 67

67 vulnerabilities classified as CWE-303 (Incorrect Implementation of Authentication Algorithm). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-27656 | Account Takeover via Substring Matching in OpenID Connect Authentication — Mattermost | 5.7 | Medium | 2026-03-25 |
| CVE-2026-32953 | Tillitis: TKey Client has an Error in Protocol Implementation — tkeyclient | 7.5 | - | 2026-03-20 |
| CVE-2026-29515 | MiCode FileExplorer SwiFTP Server Authentication Bypass — FileExplorer | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2019-25436 | Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass — DeviceViewer | 6.5 | Medium | 2026-02-20 |
| CVE-2026-0999 | Authentication bypass via userID login when email and username login are disabled — Mattermost | 5.4 | Medium | 2026-02-16 |
| CVE-2025-14510 | ABB Ability OPTIMAX Authentication Bypass in Single-Sign On — ABB Ability OPTIMAX | 8.1 | High | 2026-01-16 |
| CVE-2025-4676 | Authentication bypass by brute forcing Authentication Headers — WebPro SNMP Card PowerValue | 8.8 | High | 2026-01-07 |
| CVE-2025-14273 | Mattermost Jira plugin user spoofing enables Jira request forgery. — Mattermost | 7.2 | High | 2025-12-22 |
| CVE-2025-66489 | Cal.com Authentication Bypass via bad TOTP + password checks — cal.com | 9.8 (AI) | Critical (AI) | 2025-12-03 |
| CVE-2025-13390 | WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover — WP Directory Kit | 10.0 | Critical | 2025-12-03 |
| CVE-2025-12421 | Account Takeover via Code Exchange Endpoint — Mattermost | 9.9 | Critical | 2025-11-27 |
| CVE-2025-12419 | Account takeover on OAuth/OpenID-enabled servers — Mattermost | 9.9 | Critical | 2025-11-27 |
| CVE-2025-53782 | Microsoft Exchange Server Elevation of Privilege Vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 8.4 | High | 2025-10-14 |
| CVE-2025-61783 | Python Social Auth - Django has unsafe account association — social-app-django | 9.1 (AI) | Critical (AI) | 2025-10-09 |
| CVE-2025-43727 | Dell PowerProtect Data Domain security vulnerability — PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release | 7.5 | High | 2025-10-07 |
| CVE-2025-57808 | ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header — esphome | 8.1 | High | 2025-09-02 |
| CVE-2025-43856 | immich allows account hijacking through oauth2 — immich | 8.8 (AI) | High (AI) | 2025-07-11 |
| CVE-2025-48994 | SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack — signxml | 9.1 (AI) | Critical (AI) | 2025-06-02 |
| CVE-2025-3230 | Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server — Mattermost | 5.4 | Medium | 2025-05-30 |
| CVE-2025-2571 | Google OAuth Authentication Bypass for Converted Bot Accounts — Mattermost | 4.2 | Medium | 2025-05-30 |
| CVE-2025-2475 | Unauthorized Bot Login Using Credentials — Mattermost | 5.4 | Medium | 2025-04-14 |
| CVE-2024-8314 | Improper session handling in B&R APROL — APROL | 8.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-23046 | GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin — glpi | 8.8 | - | 2025-02-25 |
| CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability — Windows 11 Version 24H2 | 9.8 | Critical | 2025-01-14 |
| CVE-2024-56128 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption — Apache Kafka | 7.5 | - | 2024-12-18 |
| CVE-2024-10127 | Support for authentication bypass condition in M-Files LDAP authentication — M-Files Server | 8.1 (AI) | High (AI) | 2024-11-20 |
| CVE-2024-9999 | Multi-Factor Authentication Bypass in Progress WS_FTP Server — WS_FTP Server | 6.5 | Medium | 2024-11-12 |
| CVE-2024-36250 | MFA Code Replay — Mattermost | 3.1 | Low | 2024-11-09 |
| CVE-2024-10214 | Incorrect Session Creation with Desktop SSO — Mattermost | 3.5 | Low | 2024-10-28 |
| CVE-2024-8642 | Eclipse EDC: Consumer pull transfer token validation checks not applied — Eclipse EDC Connector | 7.5 (AI) | High (AI) | 2024-09-11 |

Vulnerabilities classified as CWE-303 (Incorrect Implementation of Authentication Algorithm) represent 67 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.