CWE-305 · Authentication Bypass by Primary Weakness
149 CVEs classified under CWE-305 (Authentication Bypass by Primary Weakness). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-4320 | Critical | 10.0 | 2026-01-23 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutio… |
| CVE-2025-24522 | Critical | 10.0 | 2025-05-01 | KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenti… |
| CVE-2024-36388 | Critical | 10.0 | 2024-06-02 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function |
| CVE-2024-1403 | Critical | 10.0 | 2024-02-27 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypa… |
| CVE-2026-25555 | Critical | 9.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attacker… |
| CVE-2026-4670 | Critical | 9.8 | 2026-04-30 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automat… |
| CVE-2026-30849 | Critical | 9.8 | 2026-03-23 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication byp… |
| CVE-2025-13915 | Critical | 9.8 | 2025-12-26 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the… |
| CVE-2025-41733 | Critical | 9.8 | 2025-11-18 | The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST… |
| CVE-2025-36386 | Critical | 9.8 | 2025-10-28 | IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthoriz… |
| CVE-2025-53826 | Critical | 9.8 | 2025-07-15 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version… |
| CVE-2025-46801 | Critical | 9.8 | 2025-05-19 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, a… |
| CVE-2025-4658 | Critical | 9.8 | 2025-05-13 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH… |
| CVE-2025-3757 | Critical | 9.8 | 2025-05-13 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. |
| CVE-2025-32011 | Critical | 9.8 | 2025-05-01 | KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to… |
| CVE-2025-31161 | Critical | 9.8 | 2025-04-03 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as ex… |
| CVE-2021-26102 | Critical | 9.8 | 2024-12-19 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete… |
| CVE-2024-50478 | Critical | 9.8 | 2024-10-28 | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-C… |
| CVE-2023-41920 | Critical | 9.8 | 2024-07-02 | The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of… |
| CVE-2023-6153 | Critical | 9.8 | 2024-03-27 | Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327… |