Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-16839

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jul, 2021 | 14:20
Updated At-04 Aug, 2024 | 13:45
Rejected At-
Credits

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jul, 2021 | 14:20
Updated At:04 Aug, 2024 | 13:45
Rejected At:
▼CVE Numbering Authority (CNA)

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.crestron.com
x_refsource_MISC
https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802
x_refsource_CONFIRM
https://www.security.crestron.com
x_refsource_CONFIRM
Hyperlink: https://support.crestron.com
Resource:
x_refsource_MISC
Hyperlink: https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.security.crestron.com
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.crestron.com
x_refsource_MISC
x_transferred
https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802
x_refsource_CONFIRM
x_transferred
https://www.security.crestron.com
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.crestron.com
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.security.crestron.com
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Jul, 2021 | 14:15
Updated At:12 Jul, 2022 | 17:42

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-80>>-
cpe:2.3:h:crestron:dm-nvx-dir-80:-:*:*:*:*:*:*:*
Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-80_firmware>>1.0.1.788
cpe:2.3:o:crestron:dm-nvx-dir-80_firmware:1.0.1.788:*:*:*:*:*:*:*
Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-160>>-
cpe:2.3:h:crestron:dm-nvx-dir-160:-:*:*:*:*:*:*:*
Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-160_firmware>>1.0.1.788
cpe:2.3:o:crestron:dm-nvx-dir-160_firmware:1.0.1.788:*:*:*:*:*:*:*
Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-ent>>-
cpe:2.3:h:crestron:dm-nvx-dir-ent:-:*:*:*:*:*:*:*
Crestron Electronics, Inc.
crestron
>>dm-nvx-dir-ent_firmware>>1.0.1.788
cpe:2.3:o:crestron:dm-nvx-dir-ent_firmware:1.0.1.788:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.crestron.comcve@mitre.org
Vendor Advisory
https://www.crestron.com/Security/Security-at-Crestronnvd@nist.gov
Vendor Advisory
https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802cve@mitre.org
Permissions Required
https://www.security.crestron.comcve@mitre.org
Broken Link
Hyperlink: https://support.crestron.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.crestron.com/Security/Security-at-Crestron
Source: nvd@nist.gov
Resource:
Vendor Advisory
Hyperlink: https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://www.security.crestron.com
Source: cve@mitre.org
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

228Records found

CVE-2019-3927
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 80.05%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface.

Action-Not Available
Vendor-Crestron Electronics, Inc.
Product-am-101am-100am-101_firmwaream-100_firmwareCrestron AirMedia
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2022-23178
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-75.71% / 99.46%
||
7 Day CHG~0.00%
Published-15 Jan, 2022 | 14:40
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.

Action-Not Available
Vendor-n/aCrestron Electronics, Inc.
Product-hd-md4x2-4k-ehd-md4x2-4k-e_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-10630
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-10.91% / 95.34%
||
7 Day CHG~0.00%
Published-10 Aug, 2018 | 19:00
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.

Action-Not Available
Vendor-ICS-CERTCrestron Electronics, Inc.
Product-tsw-1060-nc-w-stsw-760-nc-b-stsw-760-nc-w-smc3mc3_firmwaretsw-1060-nc-b-stsw-760-b-stsw-760-w-stsw-560-b-stsw-560-nc-b-stsw-560-w-stsw-x60_firmwaretsw-560-nc-w-stsw-1060-b-stsw-1060-w-sCrestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2018-16737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 70.64%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.

Action-Not Available
Vendor-starwindsoftwaretinc-vpnn/a
Product-tincstarwind_virtual_sann/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-2904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.68%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:08
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-15667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 57.21%
||
7 Day CHG~0.00%
Published-21 Aug, 2018 | 23:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker crafted email from the target account.

Action-Not Available
Vendor-airmailappn/a
Product-airmailn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-16496
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 18:46
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Versa Director, the un-authentication request found.

Action-Not Available
Vendor-n/aVersa Networks, Inc.
Product-versa_directorVersa Director
CWE ID-CWE-287
Improper Authentication
CVE-2023-0905
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-3.19% / 86.54%
||
7 Day CHG~0.00%
Published-18 Feb, 2023 | 07:39
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management System
CWE ID-CWE-287
Improper Authentication
CVE-2007-1966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.24% / 65.45%
||
7 Day CHG+0.16%
Published-11 Apr, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

Action-Not Available
Vendor-exv2n/a
Product-content_management_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-48494
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2022-48496
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2024-37313
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.40% / 32.15%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 14:50
Updated-26 Sep, 2025 | 23:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisoriesserver
CWE ID-CWE-287
Improper Authentication
CVE-2020-28002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.06% / 60.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 02:06
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.

Action-Not Available
Vendor-sonarsourcen/a
Product-sonarquben/a
CWE ID-CWE-287
Improper Authentication
CVE-2006-2224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.36% / 95.16%
||
7 Day CHG~0.00%
Published-05 May, 2006 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Action-Not Available
Vendor-quaggan/a
Product-quagga_routing_software_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-28874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.36% / 81.74%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 15:01
Updated-05 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2016-9646
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-5.3||MEDIUM
EPSS-1.18% / 63.87%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 15:00
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commit metadata forgery via CGI::FormBuilder context-dependent APIs

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Action-Not Available
Vendor-ikiwikiikiwikiDebian GNU/Linux
Product-ikiwikidebian_linuxikiwiki
CWE ID-CWE-287
Improper Authentication
CVE-2006-0416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.50% / 71.22%
||
7 Day CHG~0.00%
Published-25 Jan, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.

Action-Not Available
Vendor-sleeperchatn/a
Product-sleeperchatn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-7141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.40% / 94.31%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Action-Not Available
Vendor-n/aCURLopenSUSE
Product-leaplibcurln/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-44574
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-64.82% / 99.15%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 00:00
Updated-28 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Action-Not Available
Vendor-n/aIvanti Software
Product-avalancheIvanti Avalanche
CWE ID-CWE-287
Improper Authentication
CVE-2016-6544
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.44% / 87.52%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iTrack Easy's getgps data can be modified without authentication

getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.

Action-Not Available
Vendor-ieasyteciTrack
Product-itrack_easyEasy
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2016-4432
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.1||CRITICAL
EPSS-8.15% / 94.16%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-qpid_broker-jn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-1888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 76.86%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-0755
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-9.33% / 94.78%
||
7 Day CHG~0.00%
Published-29 Jan, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Action-Not Available
Vendor-n/aCanonical Ltd.CURLDebian GNU/Linux
Product-debian_linuxubuntu_linuxcurln/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-41738
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.52%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 16:17
Updated-31 Dec, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale security bypass

IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scale_container_native_storage_accesslinux_kernelStorage Scale Container Native Storage Accessspectrum_scale
CWE ID-CWE-287
Improper Authentication
CVE-2022-39251
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.87% / 54.48%
||
7 Day CHG+0.01%
Published-28 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2015-6926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.75%
||
7 Day CHG-0.01%
Published-19 Jan, 2018 | 15:00
Updated-06 Aug, 2024 | 07:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

Action-Not Available
Vendor-oxid-esalesn/a
Product-eshopn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-39289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.75% / 50.58%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2022-39257
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:55
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-ios-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39255
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:35
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verifications methods until patched.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-ios-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39248
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:05
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-android-sdk2
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39246
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.65%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:00
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-android-sdk2
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39249
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.78%
||
7 Day CHG+0.01%
Published-28 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39252
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 38.28%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 14:15
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-matrix-rust-sdkmatrix-rust-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39250
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.48%
||
7 Day CHG+0.01%
Published-29 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39019
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 28.87%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 20:09
Updated-02 May, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.

Action-Not Available
Vendor-M-Files Oy
Product-hubshareHubshare
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-21635
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.67%
||
7 Day CHG+0.01%
Published-14 Nov, 2025 | 14:11
Updated-26 Nov, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. In versions up to and including 0.18.1, though, the bad actor will still have access to their account because the bad actor's Access Token stays on the list as a valid token. The user will have to manually delete the bad actor's Access Token to secure their account. The list of Access Tokens has a generic Description which makes it hard to pinpoint a bad actor in a list of Access Tokens. A known patched version of Memos isn't available. To improve Memos security, all Access Tokens will need to be revoked when a user changes their password. This removes the session for all the user's devices and prompts the user to log in again. One can treat the old Access Tokens as "invalid" because those Access Tokens were created with the older password.

Action-Not Available
Vendor-Usememos
Product-memosmemos
CWE ID-CWE-287
Improper Authentication
CVE-2026-48897
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-8.2||HIGH
EPSS-0.21% / 11.42%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:44
Updated-28 May, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla! Core - [20260512] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-287
Improper Authentication
CVE-2020-15949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.27%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.

Action-Not Available
Vendor-immutan/a
Product-immutan/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-46579
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.23% / 13.79%
||
7 Day CHG+0.01%
Published-29 May, 2026 | 09:50
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift_routerRed Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22
CWE ID-CWE-287
Improper Authentication
CVE-2015-3457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-25.22% / 97.67%
||
7 Day CHG~0.00%
Published-29 Apr, 2015 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Action-Not Available
Vendor-magenton/a
Product-magenton/a
CWE ID-CWE-287
Improper Authentication
CVE-2004-2736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.36% / 91.66%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.

Action-Not Available
Vendor-polar_softwaren/a
Product-helpdeskn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-14504
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-1.25% / 65.70%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:26
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-1734-aentr_point_i\/o_dual_port_network_adaptor_series_b1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware1734-aentr_point_i\/o_dual_port_network_adaptor_series_c1734-AENTR
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2026-44847
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.73%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 20:16
Updated-01 Jun, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxKB: Webhook Trigger Authentication Bypass

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Django REST Framework interprets as successful authentication. Combined with optional per-trigger token verification and no backend enforcement of token requirements, any unauthenticated attacker who knows a valid trigger ID can invoke webhook triggers to execute their bound tasks. This vulnerability is fixed in 2.9.0.

Action-Not Available
Vendor-1Panel (FIT2CLOUD Inc.)
Product-MaxKB
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 80.75%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 12:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Action-Not Available
Vendor-evenrouten/a
Product-iqrouter_firmwareiqroutern/a
CWE ID-CWE-287
Improper Authentication
CVE-2003-1489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.90% / 55.35%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.

Action-Not Available
Vendor-truegalerien/a
Product-truegalerien/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-10816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.85% / 90.95%
||
7 Day CHG+0.06%
Published-08 Oct, 2020 | 16:50
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-0822
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 15:18
Updated-20 Nov, 2025 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Action-Not Available
Vendor-ovirtRed Hat, Inc.
Product-ovirt-engineRed Hat Virtualization Engine 4.4
CWE ID-CWE-1390
Weak Authentication
CWE ID-CWE-287
Improper Authentication
CVE-2026-40177
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.33% / 24.84%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 19:29
Updated-21 Apr, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Password bypass when 2FA is activated

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

Action-Not Available
Vendor-ajentiajenti
Product-ajenti_plugin_coreajenti
CWE ID-CWE-287
Improper Authentication
CVE-2020-10278
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-6.1||MEDIUM
EPSS-0.97% / 57.43%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 04:55
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#2561: Unprotected BIOS allows user to boot from live OS image.

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.

Action-Not Available
Vendor-aliasroboticsenabled-roboticsmobile-industrial-roboticsuvd-robotsMobile Industrial Robots A/S
Product-er200mir250_firmwareer200_firmwareer-flex_firmwaremir500mir100_firmwareuvd_robots_firmwareer-oneer-lite_firmwaremir1000_firmwaremir500_firmwaremir200_firmwareer-liteer-flexer-one_firmwareuvd_robotsmir100mir200mir1000mir250MiR100
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2026-34834
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.25% / 16.43%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 19:11
Updated-09 Apr, 2026 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.

Action-Not Available
Vendor-bulwarkmailbulwarkmail
Product-webmailwebmail
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found