CWE-305

Total CVEs: 57
Critical: 22
High: 22
Avg CVSS: 8.2
In CISA KEV: 1

Yearly Trend

2026: 7
2025: 21
2024: 17
2023: 5
2022: 5

Top Affected Vendors

1. Huawei: 4
2. Fortinet: 2
3. Google: 2
4. IBM: 2
5. OpenPubkey: 2
6. Cisco: 2
7. Debian: 2
8. OpenVPN: 2
9. Langgenius: 1
10. Coolkit: 1

All CWE-305 CVEs (57)

CVE-2025-4320
10.0

This vulnerability allows attackers to bypass authentication and exploit weak password recovery mechanisms in Birebirsoft Sufirmam software. Attackers...

Jan 23, 2026
CVE-2025-24522
10.0

KUNBUS Revolution Pi OS Bookworm 01/2025 has no authentication configured by default for its Node-RED server, allowing unauthenticated remote attacker...

May 1, 2025
CVE-2025-13915
9.8

This authentication bypass vulnerability in IBM API Connect allows remote attackers to gain unauthorized access without valid credentials. It affects ...

Dec 26, 2025
CVE-2025-36386
9.8

CVE-2025-36386 is an authentication bypass vulnerability in IBM Maximo Application Suite that allows remote attackers to gain unauthorized access with...

Oct 28, 2025
CVE-2025-53826
9.8

File Browser version 2.39.0 has an authentication flaw where JWT tokens remain valid indefinitely even after user logout. This allows attackers with s...

Jul 15, 2025
CVE-2025-46801
9.8

CVE-2025-46801 is an authentication bypass vulnerability in Pgpool-II that allows attackers to log in as any user without valid credentials. This affe...

May 19, 2025
CVE-2025-3757
9.8

OpenPubkey library versions before 0.10.0 contain a signature verification bypass vulnerability in JWS (JSON Web Signature) handling. Attackers can fo...

May 13, 2025
CVE-2025-4658
9.8

This vulnerability allows attackers to bypass signature verification in OpenPubkey library by crafting malicious JWS tokens. This authentication bypas...

May 13, 2025
CVE-2025-31161
9.8 (KEV, EPSS 88%)

This critical authentication bypass vulnerability in CrushFTP allows unauthenticated attackers to gain administrative access by exploiting a race cond...

Apr 3, 2025
CVE-2021-26102
9.8

A relative path traversal vulnerability in FortiWAN allows unauthenticated remote attackers to delete system files via crafted POST requests. Deleting...

Dec 19, 2024
CVE-2024-50478
9.8

This vulnerability allows attackers to bypass authentication in the Swoop 1-Click Login WordPress plugin, potentially gaining unauthorized access to W...

Oct 28, 2024
CVE-2023-6153
9.8

CVE-2023-6153 is an authentication bypass vulnerability in TeoSOFT's TeoBASE software that allows attackers to gain unauthorized access without valid ...

Mar 27, 2024
CVE-2024-1202
9.8

CVE-2024-1202 is an authentication bypass vulnerability in XPodas Octopod that allows attackers to gain unauthorized access without valid credentials....

Mar 21, 2024
CVE-2023-7103
9.8

This critical authentication bypass vulnerability in ZKSoftware UFace 5 biometric security systems allows attackers to bypass authentication mechanism...

Mar 5, 2024
CVE-2023-34124
9.8

CVE-2023-34124 is an authentication bypass vulnerability in SonicWall GMS and Analytics Web Services that allows attackers to gain unauthorized access...

Jul 13, 2023
CVE-2023-1307
9.8

CVE-2023-1307 is an authentication bypass vulnerability in the Froxlor server management panel that allows attackers to gain unauthorized administrati...

Mar 10, 2023
CVE-2022-0547
9.8

This vulnerability allows authentication bypass in OpenVPN when using external authentication plugins with deferred authentication replies. Attackers ...

Mar 18, 2022
CVE-2020-24683
9.8

CVE-2020-24683 is an authentication bypass vulnerability in S+ Operations software where client-side authentication can be circumvented, allowing unau...

Dec 22, 2020
CVE-2026-28536
9.6

This CVE describes an authentication bypass vulnerability in Huawei device authentication modules that allows attackers to bypass authentication mecha...

Mar 5, 2026
CVE-2025-68435
9.1

Zerobyte backup automation tool versions before 0.18.5 and 0.19.0 have an authentication bypass vulnerability where certain API endpoints don't proper...

Dec 17, 2025
CVE-2023-20154
9.1

This vulnerability allows an unauthenticated remote attacker to bypass authentication in Cisco Modeling Labs and gain administrative access to the web...

Nov 15, 2024
CVE-2021-3850
9.1

CVE-2021-3850 is an authentication bypass vulnerability in ADOdb database abstraction library versions prior to 5.20.21. Attackers can bypass authenti...

Jan 25, 2022
CVE-2026-3047
8.8

This vulnerability allows attackers to bypass authentication in Keycloak by exploiting a disabled SAML client configured as an Identity Provider-initi...

Mar 5, 2026
CVE-2024-7557
8.8

This vulnerability in OpenShift AI allows attackers to bypass authentication and escalate privileges across AI models within the same namespace. By us...

Aug 12, 2024
CVE-2023-36497
8.8

This vulnerability in Dover Fueling Solutions MAGLINK LX Web Console allows guest users to escalate their privileges to administrative level. It affec...

Sep 11, 2023
CVE-2025-54622
8.3

This CVE describes an authentication bypass vulnerability in Huawei's devicemanager module that allows attackers to access restricted functionality wi...

Aug 6, 2025
CVE-2025-41450
8.2

This CVE describes an improper authentication vulnerability in Danfoss AK-SM 8xxA Series building automation controllers. Attackers can bypass authent...

May 8, 2025
CVE-2026-22153
8.1

This vulnerability allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies in Fortinet FortiOS when the remo...

Feb 10, 2026
CVE-2024-12776
8.1

This vulnerability allows attackers to reset any user's password without verifying the reset code, enabling account takeover including administrator a...

Mar 20, 2025
CVE-2024-51738
8.1

Sunshine versions 0.23.1 and earlier have a pairing protocol vulnerability that allows man-in-the-middle attacks during client pairing. An unauthentic...

Jan 20, 2025
CVE-2024-10394
7.8

This vulnerability allows local users on Unix systems running OpenAFS clients to bypass PAG throttling mechanisms. By creating a PAG with an existing ...

Nov 14, 2024
CVE-2024-20015
7.8

This CVE describes a local privilege escalation vulnerability in MediaTek telephony components where an attacker can bypass permissions checks to gain...

Feb 5, 2024
CVE-2022-23729
7.8

This vulnerability allows attackers to access the Android Debug Bridge (ADB) shell on LG mobile devices without authentication when the device is in f...

Mar 4, 2022
CVE-2023-6998
7.7

This vulnerability allows attackers to bypass the lockscreen on eWeLink mobile apps, potentially accessing the application without proper authenticati...

Dec 30, 2023
CVE-2021-45031
7.7

This vulnerability in MEPSAN's USC+ software allows attackers to generate passwords for high-privileged accounts due to a weakness in the login functi...

Mar 30, 2022
CVE-2025-51663
7.5

This vulnerability allows remote attackers to bypass IP-based rate limiting in FileCodeBox by spoofing X-Real-IP and X-Forwarded-For HTTP headers. Att...

Nov 19, 2025
CVE-2023-4727
7.5

This vulnerability allows attackers to bypass token authentication in dogtag-pki and pki-core systems via LDAP injection. By sending a sessionID=* par...

Jun 11, 2024
CVE-2023-2959
7.5

This vulnerability allows attackers to bypass authentication mechanisms in Oliva Expertise EKS software, potentially enabling unauthorized data collec...

Jul 17, 2023
CVE-2021-28503
7.4

Arista EOS eAPI authentication bypass vulnerability allows remote attackers to access network devices without proper credential validation when certif...

Feb 4, 2022
CVE-2021-3547
7.4

This vulnerability allows a man-in-the-middle attacker to bypass certificate authentication in OpenVPN 3 Core Library by presenting an unrelated serve...

Jul 12, 2021
CVE-2025-56132
7.3

LiquidFiles filetransfer server versions prior to 4.2 have a user enumeration vulnerability in the password reset functionality. Unauthenticated attac...

Sep 30, 2025
CVE-2024-34077
7.3

MantisBT versions before 2.26.2 have an insufficient access control vulnerability in the registration and password reset process. An attacker can rese...

May 14, 2024
CVE-2025-58382
7.2

This vulnerability in Brocade Fabric OS allows authenticated remote attackers with administrative credentials to execute arbitrary commands as root us...

Feb 3, 2026
CVE-2024-12582
7.1

CVE-2024-12582 is an authentication bypass vulnerability in Skupper Console that allows attackers to read any user-readable files from the container f...

Dec 24, 2024
CVE-2025-53167
6.9

This authentication vulnerability in Huawei's distributed collaboration framework module could allow attackers to bypass authentication mechanisms and...

Jul 7, 2025
CVE-2025-27370
6.9

This OpenID Connect vulnerability allows malicious Authorization Servers to inject attacker-controlled values into the audience claim when private_key...

Mar 3, 2025
CVE-2024-38433
6.7

This vulnerability allows an attacker with write access to the SPI-Flash on NPCM7xx BMC subsystems to modify the u-boot image header, potentially bypa...

Jul 11, 2024
CVE-2025-68609
6.6

This vulnerability in Palantir's Aries service allows unauthenticated attackers to bypass authentication and authorization checks, enabling them to vi...

Jan 22, 2026
CVE-2024-5956
6.5

This vulnerability allows unauthenticated remote attackers to bypass authentication mechanisms in Trellix IPS Manager by sending specially crafted gar...

Sep 5, 2024
CVE-2025-23017
6.0

WorkOS Hosted AuthKit versions before 2025-01-07 contain an authentication bypass vulnerability where attackers who know a user's password can bypass ...

Feb 24, 2025

About CWE-305

Our database tracks 57 CVEs classified as CWE-305, with 22 rated critical and 22 rated high severity. The average CVSS score for CWE-305 vulnerabilities is 8.2.

External reference: View CWE-305 on MITRE CWE →
