CWE-289
24 CVEs classified under CWE-289. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-13613 | Critical | 9.8 | 2025-12-10 | The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not prop… |
| CVE-2023-1803 | Critical | 9.8 | 2023-04-14 | Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Rout… |
| CVE-2021-34746 | Critical | 9.8 | 2021-09-02 | A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow a… |
| CVE-2025-29266 | Critical | 9.6 | 2025-03-31 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host netw… |
| CVE-2023-20046 | High | 8.8 | 2023-05-09 | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an… |
| CVE-2025-64343 | High | 7.8 | 2025-11-07 | (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory… |
| CVE-2024-11283 | High | 7.5 | 2025-03-14 | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_c… |
| CVE-2024-51996 | High | 7.5 | 2024-11-13 | Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony do… |
| CVE-2024-2098 | High | 7.5 | 2024-06-13 | The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' func… |
| CVE-2023-41890 | High | 7.5 | 2023-09-19 | Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2… |
| CVE-2023-3263 | High | 7.5 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of spec… |
| CVE-2026-32036 | Medium | 6.5 | 2026-03-19 | OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks b… |
| CVE-2023-38487 | Medium | 6.5 | 2023-08-04 | HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an ali… |
| CVE-2025-14777 | Medium | 6.0 | 2025-12-16 | A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifical… |
| CVE-2025-8415 | Medium | 5.9 | 2025-08-20 | A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to th… |
| CVE-2023-51663 | Medium | 5.3 | 2023-12-29 | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on O… |
| CVE-2026-43617 | Medium | 4.8 | 2026-05-20 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configure… |
| CVE-2025-64521 | Medium | 4.8 | 2025-11-19 | authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and client_secret to an OAuth provi… |
| CVE-2026-3184 | Low | 3.7 | 2026-04-03 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote… |
| CVE-2026-23903 | | | 2026-02-09 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to ver… |