Weaknesses of type CWE-305
147 resultsCVE-2023-6998HIGHLockscreen bypass in eWeLink AppEPSS 0.2%CVE-2025-31703LOWA vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restEPSS 0.2%CVE-2024-12054MEDIUMZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary WeaknessEPSS 0.2%CVE-2025-59941MEDIUMgo-f3 is Vulnerable to Cached Justification Verification BypassEPSS 0.2%CVE-2022-39245HIGHMist vulnerable to user providing a Sudo binary for authentication checksEPSS 0.2%CVE-2026-9047HIGHImproper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knEPSS 0.2%CVE-2026-33892MEDIUMA vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management ProEPSS 0.2%CVE-2026-9798MEDIUMKeycloak: keycloak: brute-force protection bypass in ciba flowEPSS 0.2%CVE-2024-10394HIGHTheft of credentials in Unix client PAGsEPSS 0.2%CVE-2025-53167MEDIUMAuthentication vulnerability in the distributed collaboration framework module
Impact: Successful exploitation of this vulnerability may affEPSS 0.2%CVE-2025-4994HIGHAuthentication Bypass for SafeLine SL6 and SL6+EPSS 0.2%CVE-2024-38433MEDIUMNuvoton - CWE-305: Authentication Bypass by Primary WeaknessEPSS 0.2%CVE-2026-41054HIGHMissing exit out of permission check in haveged could lead to root exploitEPSS 0.2%CVE-2022-38081MEDIUMTokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.EPSS 0.2%CVE-2026-28536CRITICALAuthentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect iEPSS 0.2%CVE-2025-31965HIGHHCL BigFix Remote Control is affected by an authorization bypass vulnerabilityEPSS 0.2%CVE-2022-38064MEDIUMwindowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.EPSS 0.2%CVE-2025-46750MEDIUMAuthentication BypassEPSS 0.1%CVE-2025-62772LOWOn Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.EPSS 0.1%CVE-2022-48470MEDIUMHuawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow aEPSS 0.1%