CWE-305 · Authentication Bypass by Primary Weakness

149 CVEs classified under CWE-305 (Authentication Bypass by Primary Weakness). Browse by severity and year.

Top CVEs for CWE-305
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-4320 | Critical | 10.0 | 2026-01-23 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutio… |
| CVE-2025-24522 | Critical | 10.0 | 2025-05-01 | KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenti… |
| CVE-2024-36388 | Critical | 10.0 | 2024-06-02 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function |
| CVE-2024-1403 | Critical | 10.0 | 2024-02-27 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypa… |
| CVE-2026-25555 | Critical | 9.8 | 2026-06-08 | OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attacker… |
| CVE-2026-4670 | Critical | 9.8 | 2026-04-30 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automat… |
| CVE-2026-30849 | Critical | 9.8 | 2026-03-23 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication byp… |
| CVE-2025-13915 | Critical | 9.8 | 2025-12-26 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the… |
| CVE-2025-41733 | Critical | 9.8 | 2025-11-18 | The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST… |
| CVE-2025-36386 | Critical | 9.8 | 2025-10-28 | IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthoriz… |
| CVE-2025-53826 | Critical | 9.8 | 2025-07-15 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version… |
| CVE-2025-46801 | Critical | 9.8 | 2025-05-19 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, a… |
| CVE-2025-4658 | Critical | 9.8 | 2025-05-13 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH… |
| CVE-2025-3757 | Critical | 9.8 | 2025-05-13 | Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. |
| CVE-2025-32011 | Critical | 9.8 | 2025-05-01 | KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to… |
| CVE-2025-31161 | Critical | 9.8 | 2025-04-03 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as ex… |
| CVE-2021-26102 | Critical | 9.8 | 2024-12-19 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete… |
| CVE-2024-50478 | Critical | 9.8 | 2024-10-28 | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-C… |
| CVE-2023-41920 | Critical | 9.8 | 2024-07-02 | The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of… |
| CVE-2023-6153 | Critical | 9.8 | 2024-03-27 | Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327… |