CWE-324: CWE-324
All CWE-324 CVEs (7)
A Linux kernel vulnerability in the key management subsystem unconditionally overwrites key expiration times during instantiation, defaulting them to ...
May 30, 2024

Zitadel identity infrastructure software has a vulnerability where expired JWT keys can be used to obtain valid access tokens during Authorization Gra...
Mar 31, 2025

This vulnerability in PgBouncer allows attackers to authenticate with expired passwords when using auth_query mode. The connection pooler fails to che...
Apr 16, 2025

This vulnerability in IBM Db2 allows authenticated users to regain access to their accounts even after being locked out due to password expiration. It...
Nov 7, 2025

This vulnerability allows an attacker to use a QR login key interchangeably with an auto-login key, potentially bypassing authentication mechanisms. I...
Jun 18, 2024

IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 contain an authentication flaw where expired access tokens can still be used to retriev...
May 22, 2024

An expired Fedora Secure Boot CA certificate in shim could allow loading of old or invalid signed boot components, potentially bypassing Secure Boot p...
Aug 14, 2025

About CWE-324 (CWE-324)
Our database tracks 7 CVEs classified as CWE-324, with 1 rated critical and 2 rated high severity. The average CVSS score for CWE-324 vulnerabilities is 6.7.
External reference: View CWE-324 on MITRE CWE →