CWE-697 · Incorrect Comparison
59 CVEs classified under CWE-697 (Incorrect Comparison). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24621 | Critical | 9.8 | 2024-07-25 | Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulne… |
CVE-2021-3833 | Critical | 9.8 | 2021-10-07 | Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. A… |
CVE-2025-48952 | Critical | 9.4 | 2025-07-04 | NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass pass… |
CVE-2026-44196 | Critical | 9.1 | 2026-05-12 | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacke… |
CVE-2024-34340 | Critical | 9.1 | 2024-05-13 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their passw… |
CVE-2022-43621 | High | 8.8 | 2023-03-29 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not… |
CVE-2020-8864 | High | 8.8 | 2020-03-23 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with fi… |
CVE-2020-8862 | High | 8.8 | 2020-02-22 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authent… |
CVE-2025-20343 | High | 8.6 | 2025-11-05 | A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthe… |
CVE-2020-11072 | High | 8.6 | 2020-05-12 | In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A p… |
CVE-2020-11071 | High | 8.6 | 2020-05-12 | SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction opera… |
CVE-2024-29026 | High | 8.2 | 2024-03-20 | Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy all… |
CVE-2025-3102 | High | 8.1 | 2025-04-10 | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due… |
CVE-2020-10027 | High | 7.8 | 2020-05-11 | An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephy… |
CVE-2020-10024 | High | 7.8 | 2020-05-11 | The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user… |
CVE-2026-26275 | High | 7.5 | 2026-02-19 | httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verifica… |
CVE-2023-40271 | High | 7.5 | 2023-09-08 | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selecte… |
CVE-2023-22435 | High | 7.5 | 2023-07-13 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. |
CVE-2023-25666 | High | 7.5 | 2023-03-24 | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix… |
CVE-2023-25669 | High | 7.5 | 2023-03-24 | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops… |