CWE-304

Total CVEs: 11
Critical: 2
High: 7
Avg CVSS: 7.9

Yearly Trend

2025: 6
2024: 2
2023: 1
2022: 2

Top Affected Vendors

1. Mediatek: 1 CVE
2. Google: 1 CVE
3. Dell: 1 CVE
4. Tenda: 1 CVE
5. Linuxfoundation: 1 CVE
6. Jetbrains: 1 CVE
7. Elfatek: 1 CVE
8. Gaizhenbiao: 1 CVE
9. Palantir: 1 CVE
10. Lenze: 1 CVE

All CWE-304 CVEs (11)

CVE-2022-2302 | CVSS 9.8 | Jul 11, 2022
This vulnerability allows remote attackers to bypass authentication on Lenze cabinet series products after an initial legitimate login. An attacker ca...

CVE-2024-45764 | CVSS 9.0 | Nov 8, 2024
Dell Enterprise SONiC OS versions 4.1.x and 4.2.x contain a missing critical step in authentication that allows unauthenticated remote attackers to by...

CVE-2025-24322 | CVSS 8.1 | Aug 20, 2025
An unsafe default authentication vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code via specially crafted network requests ...

CVE-2024-9216 | CVSS 8.1 | Mar 20, 2025
This authentication bypass vulnerability in ChuanhuChatGPT allows attackers to read and delete other users' chat histories by manipulating username pa...

CVE-2022-1065 | CVSS 8.1 | Apr 19, 2022
This vulnerability allows remote attackers to bypass the second authentication factor (MFA) in Abacus ERP systems. Attackers can potentially gain unau...

CVE-2024-11302 | CVSS 8.0 | Mar 20, 2025
This vulnerability allows attackers to arbitrarily add, modify, or remove bindings in the lollms_binding_infos module without proper authorization che...

CVE-2023-22833 | CVSS 7.6 | Jun 6, 2023
This vulnerability allows authenticated users within a Palantir Foundry organization to bypass access controls, potentially accessing data they should...

CVE-2024-20153 | CVSS 7.5 | Jan 6, 2025
This vulnerability allows attackers to spoof Wi-Fi access point SSIDs, tricking client devices into connecting to malicious networks. This affects dev...

CVE-2023-52424 | CVSS 7.4 | May 17, 2024
This CVE describes an SSID confusion vulnerability in the IEEE 802.11 WiFi standard that allows attackers to trick devices into connecting to maliciou...

CVE-2024-12136 | CVSS 6.9 | Mar 19, 2025
This CVE describes an authentication bypass vulnerability in Elfatek Elektronics ANKA JPD-00028 devices. Attackers can bypass authentication mechanism...

CVE-2025-43014 | CVSS 6.1 | Apr 17, 2025
The JetBrains Toolbox App SSH plugin before version 2.6 establishes SSH connections without requiring sufficient user confirmation. This allows potent...

About CWE-304

Our database tracks 11 CVEs classified as CWE-304, with 2 rated critical and 7 rated high severity. The average CVSS score for CWE-304 vulnerabilities is 7.9.

External reference: View CWE-304 on MITRE CWE →
