CWE-289 is a common weakness enumeration in software security. This database tracks 12 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-289?

There are 12 CVE vulnerabilities classified as CWE-289 with an average CVSS score of 8.2833333333333.

What is the severity distribution for CWE-289?

CWE-289 contains 4 critical, 6 high, 2 medium, and 0 low severity vulnerabilities.

CWE-289

Total CVEs

Vulnerabilities

Avg CVSS v3

8.3

High

Avg CVSS v2

8.1

High

Latest CVE

2025

Most Recent

Severity Distribution

Critical 4

33.3%

High 6

50%

Medium 2

16.7%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (12)

Page 1 of 1

CVE-2024-56511

CRITICAL

CVSS:9.8(Critical)

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause th...

CWE-2892024

CVE-2023-1803

CRITICAL

CVSS:9.8(Critical)

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CWE-2892023

CVE-2021-34746

CRITICAL

CVSS:9.8(Critical)

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to byp...

CWE-2892021

CVE-2025-29266

CRITICAL

CVSS:9.6(Critical)

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

CWE-2892025

CVE-2023-20046

HIGH

CVSS:8.8(High)

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is du...

CWE-2892023

CVE-2017-16590

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this v...

CWE-2892017

CVE-2023-38487

HIGH

CVSS:8.2(High)

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The...

CWE-2892023

CVE-2024-11283

HIGH

CVSS:7.5(High)

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a...

CWE-2892024

CVE-2023-41890

HIGH

CVSS:7.5(High)

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer...

CWE-2892023

CVE-2023-3263

HIGH

CVSS:7.5(High)

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.S...

CWE-2892023

CVE-2024-34519

MEDIUM

CVSS:6.8(Medium)

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Acc...

CWE-2892024

CVE-2023-51663

MEDIUM

CVSS:5.3(Medium)

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from...

CWE-2892023