
CWE-305 (Authentication Bypass by Primary Weakness) — Vulnerability Class 115

115 vulnerabilities classified as CWE-305 (Authentication Bypass by Primary Weakness). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33472 | Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass) — cryptomator | 4.8 | Medium | 2026-04-16 |
| CVE-2026-20152 | Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability — Cisco Secure Web Appliance | 5.3 | Medium | 2026-04-15 |
| CVE-2026-33892 | Siemens Industrial Edge Management security vulnerability — Industrial Edge Management Pro V1 | 7.1 | High | 2026-04-14 |
| CVE-2026-40039 | Pachno 1.0.6 Open Redirection via return_to Parameter — Pachno | 6.5 | Medium | 2026-04-13 |
| CVE-2026-30849 | MantisBT SOAP API has an authentication bypass vulnerability on MySQL — mantisbt | 9.8 | - | 2026-03-23 |
| CVE-2025-31703 | Dahua NVR and Dahua XVR security vulnerability — NVR2-4KS3 | 6.8 | - | 2026-03-18 |
| CVE-2026-3047 | Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login — Red Hat build of Keycloak 26.2 | 8.8 | High | 2026-03-05 |
| CVE-2026-28536 | Huawei HarmonyOS security vulnerability — HarmonyOS | 9.6 | Critical | 2026-03-05 |
| CVE-2026-1713 | IBM MQ is affected by an authority vulnerability — MQ | 6.8 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-0869 | Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 — ASCG | 8.1 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-22153 | Fortinet FortiOS security vulnerability — FortiOS | 7.5 | High | 2026-02-10 |
| CVE-2025-58382 | Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a — Fabric OS | 7.2 (AI) | High (AI) | 2026-02-03 |
| CVE-2025-4320 | Information Disclosure in Birebirsoft's Sufirmam — Sufirmam | 10.0 | Critical | 2026-01-23 |
| CVE-2025-68609 | Authentication bypass in Aries due to misconfiguration — com.palantir.aries:aries | 6.6 | Medium | 2026-01-22 |
| CVE-2026-1290 | [PI141230] Fixed A broken access control issue. — Jamf Pro | 9.8 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2025-13915 | Authentication bypass in IBM API Connect — API Connect | 9.8 | Critical | 2025-12-26 |
| CVE-2024-49587 | Glutton V1 endpoints missing authentication — com.palantir.gotham:glutton | 9.1 | Critical | 2025-12-19 |
| CVE-2025-68435 | Zerobyte has Authentication Bypass by Primary Weakness — zerobyte | 9.1 | Critical | 2025-12-17 |
| CVE-2025-41733 | Possible malfunction credential injection — Energy-Controlling EWIO2-M | 9.8 | Critical | 2025-11-18 |
| CVE-2025-47776 | MantisBT: Authentication bypass for some passwords due to PHP type juggling — mantisbt | 9.8 (AI) | Critical (AI) | 2025-11-04 |
| CVE-2025-36386 | There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics — IBM Maximo Application Suite | 9.8 | Critical | 2025-10-28 |
| CVE-2025-62772 | Mercku M6a security vulnerability — M6a | 3.1 | Low | 2025-10-22 |
| CVE-2025-59980 | Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed — Junos OS | 6.5 | Medium | 2025-10-09 |
| CVE-2025-59941 | go-f3 is Vulnerable to Cached Justification Verification Bypass — go-f3 | 5.9 | Medium | 2025-09-29 |
| CVE-2025-54622 | Huawei HarmonyOS security vulnerability — HarmonyOS | 8.3 | High | 2025-08-06 |
| CVE-2025-53534 | RatPanel can perform remote command execution without authorization — panel | 9.8 (AI) | Critical (AI) | 2025-08-05 |
| CVE-2025-31965 | HCL BigFix Remote Control is affected by an authorization bypass vulnerability — BigFix Remote Control | 8.2 | High | 2025-07-29 |
| CVE-2025-53826 | FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout — filebrowser | 9.8 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-53167 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.9 | Medium | 2025-07-07 |
| CVE-2025-52996 | File Browser's Password Protection of Links Vulnerable to Bypass — filebrowser | 3.1 | Low | 2025-06-30 |

Vulnerabilities classified as CWE-305 (Authentication Bypass by Primary Weakness) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.