CWE-345

Total CVEs: 119
Critical: 27
High: 62
Avg CVSS: 7.8

Yearly Trend

2026: 13
2025: 29
2024: 24
2023: 22
2022: 15

Top Affected Vendors

1. Google (4)
2. Fedoraproject (4)
3. Mozilla (3)
4. Cisco (3)
5. Redhat (3)
6. Mi (2)
7. Honeywell (2)
8. Certifi (2)
9. Motorola (2)
10. Microsoft (2)

All CWE-345 CVEs (119)

CVE-2025-15385
9.8

This CVE describes an authentication bypass vulnerability in TECNO Mobile's Boomplayer app. Attackers can bypass authentication mechanisms due to insu...

Jan 6, 2026
CVE-2025-66255
9.8

This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM Transmitter devices, potentially leading to remote...

Nov 26, 2025
CVE-2025-1945
9.8

CVE-2025-1945 is a vulnerability in picklescan versions before 0.0.23 that allows attackers to bypass security scanning by embedding malicious pickle ...

Mar 10, 2025
CVE-2024-23601
9.8

A critical code injection vulnerability in AutomationDirect P3-550E's scan_lib.bin functionality allows attackers to execute arbitrary code by providi...

May 28, 2024
CVE-2024-1554
9.8

This vulnerability allows attackers to poison browser caches by using fetch() API requests with specific headers, causing subsequent navigations to th...

Feb 20, 2024
CVE-2023-36139
9.8

This vulnerability in PHPJabbers Cleaning Business Software 1.0 allows remote attackers to take over user accounts by changing email addresses and pas...

Aug 4, 2023
CVE-2023-36134
9.8

This vulnerability in PHP Jabbers Class Scheduling System 1.0 allows remote attackers to take over user accounts by changing email addresses and passw...

Aug 4, 2023
CVE-2023-25178
9.8

This vulnerability allows attackers to load malicious firmware onto Honeywell controllers, potentially enabling remote code execution. It affects Hone...

Jul 13, 2023
CVE-2023-27748
9.8

This vulnerability allows attackers to upload malicious firmware to BlackVue DR750-2CH LTE dashcams due to missing authenticity verification. Attacker...

Apr 13, 2023
CVE-2022-30315
9.8

Honeywell Experion PKS Safety Manager controllers lack cryptographic authentication for control logic downloads via the Safety Builder protocol, allow...

Jul 28, 2022
CVE-2022-29958
9.8

CVE-2022-29958 allows unauthenticated attackers to execute arbitrary machine code on JTEKT TOYOPUC PLCs by exploiting the unauthenticated CMPLink/TCP ...

Jul 26, 2022
CVE-2022-26871
9.8

CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that allows unauthenticated remote attackers to upload ma...

Mar 29, 2022
CVE-2020-14115
9.8

A command injection vulnerability in Xiaomi Router AX3600 allows attackers to execute arbitrary code by exploiting insufficient input validation. This...

Mar 10, 2022
CVE-2022-25262
9.8

This vulnerability allows attackers to perform SAML request takeover in JetBrains Hub, potentially enabling authentication bypass and account compromi...

Feb 25, 2022
CVE-2021-29655
9.8

CVE-2021-29655 is a critical vulnerability in Pexip Infinity Connect that allows execution of untrusted code due to missing provisioning authenticity ...

Feb 18, 2022
CVE-2020-24672
9.8

CVE-2020-24672 is a critical vulnerability in ABB's SoftControl Base Software that allows remote attackers to execute arbitrary code on affected syste...

Sep 8, 2021
CVE-2020-28900
9.8

This vulnerability allows attackers to escalate privileges to root or execute arbitrary code on Nagios Fusion and Nagios XI systems by exploiting insu...

May 24, 2021
CVE-2020-26547
9.8

This vulnerability in Monal XMPP client allows remote attackers to inject fake messages into a user's chat history by exploiting insufficient sender v...

Feb 1, 2021
CVE-2026-23966
9.1

A private key recovery vulnerability exists in sm-crypto's SM2 decryption implementation, allowing attackers to fully extract private keys through sev...

Jan 22, 2026
CVE-2025-48865
9.1

CVE-2025-48865 is a vulnerability in Fabio HTTP/TCP router where clients can remove or manipulate X-Forwarded headers (except X-Forwarded-For) by expl...

May 30, 2025
CVE-2025-27558
9.1

This vulnerability allows attackers to inject arbitrary frames into mesh Wi-Fi networks using WPA, WPA2, WPA3, or WEP security. It affects devices tha...

May 21, 2025
CVE-2025-27680
9.1

CVE-2025-27680 is an insecure firmware image vulnerability in Vasion Print (formerly PrinterLogic) that allows attackers to upload malicious firmware ...

Mar 5, 2025
CVE-2023-4589
9.1

This vulnerability allows attackers with administrator access to Delinea Secret Server to install malicious software updates due to insufficient integ...

Sep 6, 2023
CVE-2023-28863
9.1

CVE-2023-28863 is an insufficient verification of data authenticity vulnerability in AMI MegaRAC SPx12 and SPx13 baseboard management controllers (BMC...

Apr 18, 2023
CVE-2023-26481
9.1

This vulnerability in authentik allows attackers to reset passwords for any user account when administrators create recovery links or send recovery UR...

Mar 4, 2023
CVE-2022-20829
9.1

This vulnerability allows authenticated administrators to upload malicious ASDM images to Cisco ASA devices, which can execute arbitrary code on the c...

Jun 24, 2022
CVE-2024-11666
9.0

This vulnerability allows remote unauthenticated attackers positioned between EV chargers and eCharge cloud infrastructure to execute arbitrary comman...

Nov 24, 2024
CVE-2026-24772
8.9

OpenProject's synchronization server improperly validates backend URLs, allowing attackers to decrypt intercepted authentication tokens and gain unaut...

Jan 28, 2026
CVE-2024-25638
8.9

This vulnerability in dnsjava allows attackers to inject malicious DNS records from different zones into DNS responses, potentially enabling DNS cache...

Jul 22, 2024
CVE-2025-6426
8.8

This vulnerability in Firefox for macOS fails to warn users before opening files with the 'terminal' extension, bypassing security warnings. It affect...

Jun 24, 2025
CVE-2025-49199
8.8

This vulnerability allows attackers to modify unsigned backup ZIP files and re-upload them to disrupt application functionality. Attackers can reconfi...

Jun 12, 2025
CVE-2024-7256
8.8

This vulnerability in Google Chrome's Dawn component on Android allows remote attackers to execute arbitrary code by tricking users into visiting a ma...

Aug 1, 2024
CVE-2023-27360
8.8

This vulnerability allows network-adjacent attackers to execute arbitrary code as root on NETGEAR RAX30 routers without authentication, due to a misco...

May 3, 2024
CVE-2023-5482
8.8

This vulnerability allows remote attackers to perform out-of-bounds memory access in Google Chrome's USB component via a crafted HTML page. Attackers ...

Nov 1, 2023
CVE-2015-8371
8.8

CVE-2015-8371 is a cache poisoning vulnerability in Composer that allows attackers to inject malicious code into server-side build processes. The vuln...

Sep 21, 2023
CVE-2022-30269
8.8

Motorola ACE1000 RTUs lack firmware signing for application images, relying only on insecure checksums. This allows attackers to upload malicious appl...

Jul 26, 2022
CVE-2021-26625
8.8

CVE-2021-26625 is an insufficient input validation vulnerability in Nexacro platform's automatic update function that allows remote attackers to downl...

Apr 19, 2022
CVE-2022-22994
8.8

This CVE describes a remote code execution vulnerability in Western Digital My Cloud NAS devices where attackers can exploit insufficient verification...

Jan 28, 2022
CVE-2021-45419
8.8

This CVE describes an improper input validation vulnerability in Starcharge Nova 360 Cabinet and Titan 180 Premium charging stations. Attackers can ex...

Dec 22, 2021
CVE-2021-37188
8.8

This vulnerability allows authenticated attackers to load custom firmware on Digi TransPort devices due to insufficient bootloader verification. Attac...

Dec 10, 2021
CVE-2021-33712
8.8

This vulnerability in Mendix SAML Module allows authenticated attackers to bypass identity provider restrictions and escalate privileges. It affects a...

Jun 8, 2021
CVE-2021-32665
8.8

This vulnerability in Wire iOS messaging app incorrectly marks verified conversations as unverified when users are added, potentially causing users to...

Jun 3, 2021
CVE-2021-1586
8.6

This vulnerability allows unauthenticated remote attackers to cause denial of service by sending crafted TCP traffic to specific ports on Cisco Nexus ...

Aug 25, 2021
CVE-2025-24903
8.5

This vulnerability in libsignal-service-rs allows any contact to forge sync messages and impersonate another device of the local user. It affects appl...

Feb 13, 2025
CVE-2022-26516
8.4

CVE-2022-26516 allows authorized users to install maliciously modified package files during device updates via the web interface. This could lead to c...

Apr 20, 2022
CVE-2025-43865
8.2

React Router versions 7.0.x before 7.5.2 allow attackers to modify pre-rendered data by adding specific headers to requests, enabling complete spoofin...

Apr 25, 2025
CVE-2025-7096
8.1

A critical vulnerability in Comodo Internet Security Premium allows remote attackers to bypass integrity checks via manipulation of the cis_update_x64...

Jul 6, 2025
CVE-2021-36367
8.1

This vulnerability in PuTTY allows an attacker-controlled SSH server to present a spoofed authentication prompt after establishing a connection, even ...

Jul 9, 2021
CVE-2024-58267
8.0

This vulnerability in Rancher Manager's SAML authentication for the Rancher CLI tool allows attackers to steal authentication tokens through phishing ...

Oct 2, 2025
CVE-2024-39805
7.8

This vulnerability in Intel DSA software allows authenticated local users to potentially escalate privileges due to insufficient data authenticity ver...

Feb 12, 2025

About CWE-345

Our database tracks 119 CVEs classified as CWE-345, with 27 rated critical and 62 rated high severity. The average CVSS score for CWE-345 vulnerabilities is 7.8.
