CWE-303: CWE-303
All CWE-303 CVEs (33)
The WP Directory Kit WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to generate predictable auto-lo... (Dec 3, 2025)
This vulnerability allows unauthenticated remote attackers to bypass authentication controls on Cisco Wireless LAN Controllers by using crafted creden... (Apr 15, 2022)
This vulnerability allows authenticated Mattermost users to perform account takeover by exploiting a flaw in the SSO code exchange process. Attackers ... (Nov 27, 2025)
This vulnerability allows authenticated attackers with team creation privileges to take over user accounts in Mattermost by manipulating OAuth state t... (Nov 27, 2025)
This vulnerability in Cal.com scheduling software allows attackers to bypass password verification when providing a TOTP code, potentially gaining una... (Dec 3, 2025)
This vulnerability allows attackers to exploit weaknesses in Windows NTLM v1 authentication to gain elevated privileges on affected systems. Attackers... (Jan 14, 2025)
This vulnerability allows attackers to bypass authentication in M-Files servers when configured with vulnerable OpenLDAP setups. It enables unauthoriz... (Nov 20, 2024)
This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server when using SAML SSO with encrypted assertions. Attackers can for... (May 20, 2024)
CVE-2023-3326 is an authentication bypass vulnerability in pam_krb5 where the module fails to properly validate Kerberos ticket-granting tickets from ... (Jun 22, 2023)
CVE-2023-29357 is a critical elevation of privilege vulnerability in Microsoft SharePoint Server that allows attackers to bypass authentication and ga... (Jun 14, 2023)
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to escape the browser sandbox via a crafted HTML pag... (Jul 16, 2024)
This vulnerability in Mendix SAML modules allows unauthenticated remote attackers to bypass authentication and gain unauthorized access to application... (Jun 13, 2023)
This vulnerability allows unauthenticated remote attackers to bypass authentication in Mendix SAML modules by exploiting insufficient verification of ... (Mar 14, 2023)
This vulnerability allows attackers to bypass authentication on ABB WebPro SNMP Card PowerValue devices due to incorrect implementation of the authent... (Jan 7, 2026)
This vulnerability allows attackers to bypass authentication during legacy Bluetooth Low Energy (BLE) pairing, potentially enabling unauthorized acces... (Jul 9, 2024)
This vulnerability in Checkmk allows attackers to use locked credentials due to insufficient authentication flow. Attackers could potentially gain una... (Jan 12, 2024)
CVE-2021-32691 is an authentication bypass vulnerability in Apollos Apps where new user registrations can access any user's account using only basic p... (Jun 16, 2021)
A privilege escalation vulnerability in Microsoft Exchange Server allows unauthorized attackers to gain elevated local privileges due to incorrect aut... (Oct 14, 2025)
This vulnerability involves an incorrect implementation of an authentication algorithm in ABB Ability OPTIMAX, potentially allowing attackers to bypas... (Jan 16, 2026)
This authentication bypass vulnerability in ESPHome allows attackers to access web server functionality without valid credentials when they provide an... (Sep 2, 2025)
This vulnerability in Eclipse Dataspace Components allows attackers to bypass token expiration checks in the ConsumerPullTransferTokenValidationApiCon... (Sep 11, 2024)
An authentication bypass vulnerability in Dell PowerProtect Data Domain's RestAPI allows unauthenticated remote attackers to gain unauthorized access.... (Oct 7, 2025)
This vulnerability allows authentication bypass in GLPI when using OauthIMAP plugin with Mail servers authentication. Anyone can connect using any use... (Feb 25, 2025)
This vulnerability allows an authenticated attacker to elevate privileges on Windows systems by exploiting a flaw in the Kerberos authentication proto... (Apr 9, 2024)
This vulnerability in Eclipse Kura's LogServlet allows unauthenticated attackers to retrieve device logs via specially crafted requests. The downloade... (Apr 9, 2024)
This vulnerability allows unauthenticated attackers to bypass authentication in Mattermost's Jira plugin and make authenticated requests to Jira serve... (Dec 22, 2025)
This vulnerability allows attackers to bypass two-factor authentication in WS_FTP Server's Web Transfer Module. Users can log in with only username an... (Nov 12, 2024)
This authentication bypass vulnerability in GoAnywhere MFT allows Admin Users with Agent Console access to circumvent permission checks and access una... (Aug 14, 2024)
Asterisk versions 18.23.0 incorrectly identify all unauthorized SIP requests as coming from the local PJSIP endpoint, potentially allowing unauthorize... (May 17, 2024)
This vulnerability allows authenticated users to bypass SSO-only login requirements in Mattermost by using userID-based authentication. It affects Mat... (Feb 16, 2026)
Mattermost fails to invalidate user cache when converting accounts to bots, allowing attackers to log in once using the original user credentials. Thi... (Apr 14, 2025)
This vulnerability in the CraftCMS Two-Factor Authentication plugin allows attackers to reuse TOTP tokens multiple times within their validity period,... (Jun 6, 2024)
Mattermost fails to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bo... (May 30, 2025)
About CWE-303 (CWE-303)
Our database tracks 33 CVEs classified as CWE-303, with 13 rated critical and 13 rated high severity. The average CVSS score for CWE-303 vulnerabilities is 8.2.
External reference: View CWE-303 on MITRE CWE →