CWE-304 (Missing Critical Step in Authentication) — Vulnerability Class 27

27 vulnerabilities classified as CWE-304 (Missing Critical Step in Authentication). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40542 | Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification — Apache HttpClient | 9.1 (AI) | Critical (AI) | 2026-04-22 |
| CVE-2025-43798 | Liferay DXP security vulnerability — DXP | 8.8 (AI) | High (AI) | 2025-09-15 |
| CVE-2025-24322 | Tenda AC6 security vulnerability — AC6 V5.0 | 8.1 | High | 2025-08-20 |
| CVE-2025-55138 | LinkJoin security vulnerability — LinkJoin | 7.4 | High | 2025-08-07 |
| CVE-2024-52965 | Fortinet FortiOS and Fortinet FortiProxy security vulnerability — FortiOS | 6.8 | High | 2025-07-08 |
| CVE-2025-5715 | Signal App Biometric Authentication missing critical step in authentication — App | 3.8 | Low | 2025-06-06 |
| CVE-2025-43014 | JetBrains Toolbox App security vulnerability — Toolbox App | 6.1 | Medium | 2025-04-17 |
| CVE-2024-9216 | Authentication Bypass in gaizhenbiao/ChuanhuChatGPT — gaizhenbiao/chuanhuchatgpt | 7.1 | - | 2025-03-20 |
| CVE-2024-12048 | IDOR Vulnerability in transformeroptimus/superagi — transformeroptimus/superagi | 8.2 | - | 2025-03-20 |
| CVE-2024-8954 | Authentication Bypass in composiohq/composio — composiohq/composio | 9.8 | - | 2025-03-20 |
| CVE-2024-11302 | Missing check_access in lollms_binding_infos in parisneo/lollms — parisneo/lollms | 9.1 | - | 2025-03-20 |
| CVE-2024-12136 | Improper Access Control in Elfatek Elektronics' ANKA JPD-00028 — ANKA JPD-00028 | 6.9 | Medium | 2025-03-19 |
| CVE-2024-20153 | MediaTek Chipsets security vulnerability — MT2737, MT6989, MT6991, MT7925, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 | 7.5 | - | 2025-01-06 |
| CVE-2024-45764 | Dell Enterprise SONiC OS security vulnerability — Enterprise SONiC OS | 9.0 | Critical | 2024-11-08 |
| CVE-2024-7745 | Multi-Factor Authentication Bypass in Progress WS_FTP Server — WS_FTP Server | 6.5 | Medium | 2024-08-28 |
| CVE-2024-2172 | Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation — Web Application Firewall – website security | 9.8 | Critical | 2024-03-13 |
| CVE-2023-3629 | Infinispan: non-admins should not be able to get cache config via rest api — Red Hat Data Grid 8.4.4 | 4.3 | Medium | 2023-12-18 |
| CVE-2023-3628 | Infispan: rest bulk ops don't check permissions — Red Hat Data Grid 8.4.4 | 6.5 | Medium | 2023-12-18 |
| CVE-2023-22833 | Mandatory control bypass in Lime2 — com.palantir.lime:lime2 | 7.6 | High | 2023-06-06 |
| CVE-2022-39360 | Metabase SSO users able to circumvent IdP login by doing password reset — metabase | 6.5 | Medium | 2022-10-26 |
| CVE-2022-40622 | WAVLINK Quantum D4G (WN531G3) Session Management by IP Address — WN531G3 | 8.8 | - | 2022-09-13 |
| CVE-2022-2821 | Missing Critical Step in Authentication in namelessmc/nameless — namelessmc/nameless | 7.5 | - | 2022-08-15 |
| CVE-2022-2302 | LENZE: Missing password verification in authorisation procedure — cabinet c520 | 9.8 | Critical | 2022-07-11 |
| CVE-2022-1065 | Multi Factor Authentication Bypass in various versions of Abacus ERP — Abacus ERP | 8.1 | High | 2022-04-19 |
| CVE-2021-41179 | Two-Factor Authentication not enforced for pages marked as public — security-advisories | 6.5 | Medium | 2021-10-25 |
| CVE-2019-16766 | 2FA bypass in Wagtail through new device path — wagtail-2fa | 8.7 | High | 2019-11-29 |
| CVE-2011-3172 | unix2_chkpwd do not check for a valid account — SUSE Linux Enterprise | 9.8 | - | 2018-06-08 |

27 CVEs are classified as CWE-304 (Missing Critical Step in Authentication). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.