CWE-305 (使用基本弱点进行的认证绕过) — Vulnerability Class 115

115 vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-6637	WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password — WooCommerce - Social Login	7.3	High	2024-07-20
CVE-2024-38433	Nuvoton - CWE-305: Authentication Bypass by Primary Weakness — NPCM7xx (Poleg) BootBlock	6.7	Medium	2024-07-11
CVE-2024-39899	PrivateBin allows shortening of URLs for other domains — PrivateBin	5.3	Medium	2024-07-09
CVE-2023-41920	Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices — P1/P2	9.8	Critical	2024-07-02
CVE-2023-4727	Ca: token authentication bypass vulnerability	7.5	High	2024-06-11
CVE-2024-36388	MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function — DeviceHub	10.0	Critical	2024-06-02
CVE-2024-34077	MantisBT user account takeover in the signup/reset password process — mantisbt	7.3	High	2024-05-13
CVE-2024-20378	Cisco IP Phone 安全漏洞 — Cisco IP Phones with Multiplatform Firmware	7.5	High	2024-05-01
CVE-2023-6153	Authentication Bypass in TeoSOFT Software TeoBASE — TeoBASE	9.8	Critical	2024-03-27
CVE-2024-1202	Authentication Bypass in XPodas' Octopod — Octopod	9.8	Critical	2024-03-05
CVE-2023-7103	Authentication Bypass in ZKSoftware's UFace 5 — UFace 5	9.8	Critical	2024-03-05
CVE-2024-1403	Authentication Bypass in OpenEdge Authentication Gateway and AdminServer — OpenEdge	10.0	Critical	2024-02-27
CVE-2024-20674	Windows Kerberos Security Feature Bypass Vulnerability — Windows 10 Version 1809	8.8	High	2024-01-09
CVE-2023-6998	Lockscreen bypass in eWeLink App — eWeLink - Smart Home	7.7	High	2023-12-30
CVE-2023-4939	SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token — SALESmanago & Leadoo	5.3	Medium	2023-10-21
CVE-2023-4898	Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm — mintplex-labs/anything-llm	9.8	-	2023-09-11
CVE-2023-36497	Dover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness — MAGLINK LX Web Console Configuration	8.8	High	2023-09-11
CVE-2023-2959	Authentication Bypass by Primary Weakness in Oliva Expertise — Oliva Expertise EKS	7.5	High	2023-07-17
CVE-2023-34137	SonicWALL Analytics和GMS 授权问题漏洞 — GMS	9.8	-	2023-07-13
CVE-2023-34124	SonicWALL Analytics和GMS 授权问题漏洞 — GMS	9.8	-	2023-07-13
CVE-2023-28126	Ivanti Avalanche 竞争条件问题漏洞 — Avalanche	8.1	-	2023-05-09
CVE-2022-40723	Configuration-based MFA Bypass in PingID RADIUS PCV. — PingID Radius PCV	6.5	Medium	2023-04-25
CVE-2023-1833	Authentication Bypass in Redline Router — Redline Router	9.8	Critical	2023-04-14
CVE-2023-27535	curl 授权问题漏洞 — https://github.com/curl/curl	9.1	-	2023-03-30
CVE-2023-27536	curl 授权问题漏洞 — https://github.com/curl/curl	9.8	-	2023-03-30
CVE-2023-27538	libcurl 授权问题漏洞 — https://github.com/curl/curl	9.1	-	2023-03-30
CVE-2023-1307	Authentication Bypass by Primary Weakness in froxlor/froxlor — froxlor/froxlor	9.8	-	2023-03-10
CVE-2023-0777	Authentication Bypass by Primary Weakness in modoboa/modoboa — modoboa/modoboa	9.8	-	2023-02-10
CVE-2022-3100	OpenStack barbican 安全漏洞 — Red Hat OpenStack Platform	5.9	-	2023-01-18
CVE-2022-4722	Authentication Bypass by Primary Weakness in ikus060/rdiffweb — ikus060/rdiffweb	9.8	-	2022-12-23

Vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-305 (使用基本弱点进行的认证绕过) — Vulnerability Class 115