CVE-2024-36388
10.0CRITICAL
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
6/2/2024CWE-305, CWE-306
Weakness Type
CWE-305
All CVE vulnerabilities classified under this weakness type.
View on MITRE CWETotal CVEs
42
Critical
15
In KEV
0
With Exploits
0
CVE-2024-38433
6.7MEDIUM
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the ...
7/11/2024CWE-305, CWE-287
CVE-2023-1307
9.8CRITICAL
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
3/10/2023CWE-305
CVE-2023-0777
9.8CRITICAL
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
2/10/2023CWE-305
CVE-2022-4722
7.2HIGH
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.
12/27/2022CWE-305, CWE-287
CVE-2022-2651
9.8CRITICAL
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
8/4/2022CWE-305
CVE-2021-3850
9.1CRITICAL
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
1/25/2022CWE-305, CWE-287
CVE-2025-62772
3.1LOW
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.
10/22/2025CWE-305
CVE-2023-4898
7.5HIGH
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
9/12/2023CWE-305
CVE-2024-5957
6.3MEDIUM
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
9/5/2024CWE-305, CWE-287
CVE-2025-54622
8.3HIGH
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
8/6/2025CWE-305
CVE-2025-53167
6.9MEDIUM
Authentication vulnerability in the distributed collaboration framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Authentication vulnerability in the distributed collaboration framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
7/7/2025CWE-305
CVE-2025-41450
8.2HIGH
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2
5/8/2025CWE-305
CVE-2022-38064
6.2MEDIUM
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.
9/9/2022CWE-305, CWE-287
CVE-2025-3757
9.8CRITICAL
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
5/13/2025CWE-305, CWE-347
CVE-2023-28727
9.6CRITICAL
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.
3/31/2023CWE-287, CWE-305
CVE-2023-1833
9.8CRITICAL
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.
4/14/2023CWE-305, CWE-287
CVE-2022-38700
8.8HIGH
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
9/9/2022CWE-305, CWE-287
CVE-2022-23729
7.8HIGH
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.
3/4/2022CWE-305, CWE-287
CVE-2023-46611
5.3MEDIUM
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.
1/2/2025CWE-305
CVE-2023-7103
9.8CRITICAL
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024.
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024.
3/5/2024CWE-305
CVE-2023-6998
7.7HIGH
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.
12/30/2023CWE-305
CVE-2021-45031
7.7HIGH
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.
3/30/2022CWE-305
CVE-2024-50478
9.8CRITICAL
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication:
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: ...
10/28/2024CWE-305, CWE-287
CVE-2025-31965
8.2HIGH
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
7/29/2025CWE-305
CVE-2024-42513
5.3MEDIUM
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.
Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.
2/10/2025CWE-305
CVE-2024-5956
6.5MEDIUM
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
9/5/2024CWE-305, CWE-287
CVE-2023-2959
7.5HIGH
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2.
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2.
7/17/2023CWE-305, CWE-287
CVE-2022-40723
6.5MEDIUM
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
4/25/2023CWE-305, CWE-287
CVE-2019-14909
8.3HIGH
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
12/4/2019CWE-287, CWE-305 +2
CVE-2025-32011
9.8CRITICAL
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.
5/1/2025CWE-305
CVE-2025-23017
6.0MEDIUM
WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.
WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.
2/24/2025CWE-305
CVE-2023-6153
9.8CRITICAL
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early abou
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early abou...
3/27/2024CWE-305
CVE-2024-1202
9.8CRITICAL
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that t
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that t...
3/21/2024CWE-305
CVE-2022-38081
6.2MEDIUM
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vul
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vul...
9/9/2022CWE-305, CWE-287
CVE-2021-21403
7.5HIGH
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
3/26/2021CWE-305, CWE-287
CVE-2022-48470
4.0MEDIUM
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HW
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HW...
12/28/2024CWE-305
CVE-2023-41920
9.8CRITICAL
The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatical
The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatical...
7/2/2024CWE-305
CVE-2020-15077
5.3MEDIUM
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be use
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be use...
6/4/2021CWE-305, CWE-287
CVE-2021-26726
8.8HIGH
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions f
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions f...
2/16/2022CWE-78, CWE-209 +3
CVE-2025-13915
9.8CRITICAL
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
12/26/2025CWE-305
CVE-2025-46750
4.4MEDIUM
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no...
5/12/2025CWE-305