CWE-340: CWE-340
All CWE-340 CVEs (7)
CVE-2025-69286 is a critical authentication bypass vulnerability in RAGFlow where API keys and beta tokens are generated using the same insecure algor...
Dec 31, 2025

This vulnerability allows attackers to predict session IDs and hijack user sessions on affected Rittal IoT devices. Attackers can pre-generate valid s...
Oct 15, 2024

SOPlanning's password recovery token generation uses predictable values, allowing attackers to brute-force tokens and hijack any user account. This af...
Nov 20, 2025

CVE-2024-52299 is an authentication bypass vulnerability in the macro-pdfviewer component for XWiki that allows any user with view rights on XWiki.PDF...
Nov 13, 2024

The YoSmart YoLink API uses predictable endpoint URLs derived from device MAC addresses and MD5 hashes of non-secret information, allowing attackers t...
Oct 6, 2025

This vulnerability affects BIG-IP systems where undisclosed traffic can cause data corruption and unauthorized modification in protocols lacking messa...
Oct 15, 2025

A predictable session identifier generation vulnerability in B&R Automation Runtime's SDM component allows unauthenticated network attackers to hijack...
Oct 7, 2025

About CWE-340 (CWE-340)
Our database tracks 7 CVEs classified as CWE-340, with 2 rated critical and 2 rated high severity. The average CVSS score for CWE-340 vulnerabilities is 7.1.
External reference: View CWE-340 on MITRE CWE →