CWE-836: CWE-836

Total CVEs

Critical

High

7.4

Avg CVSS

Yearly Trend

2025

2023

Top Affected Vendors

1 Fortinet 1

2 Sonicwall 1

3 Copeland 1

4 Smarsh 1

5 Digi 1

6 Nec 1

All CWE-836 CVEs (6)

CVE-2023-34132

9.8

This vulnerability in SonicWall GMS and Analytics allows attackers to use password hashes instead of actual passwords for authentication, enabling Pas...

Jul 13, 2023

CVE-2023-4299

9.0

CVE-2023-4299 is an authentication bypass vulnerability in Digi RealPort Protocol that allows attackers to replay authentication packets to gain unaut...

Aug 31, 2023

CVE-2023-39546

8.8

This vulnerability in NEC's CLUSTERPRO X and EXPRESSCLUSTER X products allows authenticated attackers to execute arbitrary commands on affected system...

Nov 17, 2023

CVE-2025-52543

7.5

This vulnerability allows attackers to authenticate to E3 Site Supervisor Control systems by obtaining only password hashes, bypassing the need for ac...

Sep 2, 2025

CVE-2025-64471

4.9

This vulnerability allows unauthenticated attackers to bypass authentication on FortiWeb web application firewalls by using password hashes instead of...

Dec 9, 2025

CVE-2025-48925

4.3

TeleMessage service uses client-side MD5 hashing for authentication, allowing attackers to intercept or forge authentication credentials. This affects...

May 28, 2025

About CWE-836 (CWE-836)

Our database tracks 6 CVEs classified as CWE-836, with 2 rated critical and 2 rated high severity. The average CVSS score for CWE-836 vulnerabilities is 7.4.

External reference: View CWE-836 on MITRE CWE →

Monitor CWE-836 Vulnerabilities

Get alerted when new CWE-836 CVEs affect your infrastructure.

Start Monitoring Free