Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-26034

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-15 Apr, 2022 | 01:45
Updated At-03 Aug, 2024 | 04:56
Rejected At-
Credits

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:15 Apr, 2022 | 01:45
Updated At:03 Aug, 2024 | 04:56
Rejected At:
▼CVE Numbering Authority (CNA)

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

Affected Products
Vendor
Yokogawa Electric Corporation
Product
CENTUM VP series with VP6E5000(AD Suite Engineering ServerFunction) installed and B/M9000 VP
Versions
Affected
  • CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01
Problem Types
TypeCWE IDDescription
textN/AImproper Authentication
Type: text
CWE ID: N/A
Description: Improper Authentication
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
x_refsource_MISC
https://jvn.jp/vu/JVNVU99204686/index.html
x_refsource_MISC
Hyperlink: https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Resource:
x_refsource_MISC
Hyperlink: https://jvn.jp/vu/JVNVU99204686/index.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
x_refsource_MISC
x_transferred
https://jvn.jp/vu/JVNVU99204686/index.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://jvn.jp/vu/JVNVU99204686/index.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:15 Apr, 2022 | 02:15
Updated At:22 Apr, 2022 | 18:45

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches

yokogawa
yokogawa
>>b\/m9000_vp>>Versions from r8.01.01(inclusive) to r8.03.01(inclusive)
cpe:2.3:a:yokogawa:b\/m9000_vp:*:*:*:*:*:*:*:*
yokogawa
yokogawa
>>centum_vp>>Versions from r6.01.10(inclusive) to r6.09.00(inclusive)
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:-:*:*:*
yokogawa
yokogawa
>>centum_vp>>Versions from r6.01.10(inclusive) to r06.09.00(inclusive)
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:*
yokogawa
yokogawa
>>centum_vp>>Versions from r6.01.10(inclusive) to r6.09.00(inclusive)
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://jvn.jp/vu/JVNVU99204686/index.htmlvultures@jpcert.or.jp
Third Party Advisory
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/vultures@jpcert.or.jp
Vendor Advisory
Hyperlink: https://jvn.jp/vu/JVNVU99204686/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
Hyperlink: https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

178Records found

CVE-2024-28200
Matching Score-4
Assigner-N-able
ShareView Details
Matching Score-4
Assigner-N-able
CVSS Score-9.1||CRITICAL
EPSS-1.95% / 77.73%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 20:49
Updated-22 Aug, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Authentication Bypass

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Action-Not Available
Vendor-n-ableN-ablen-able
Product-n-centralN-centraln-central
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-25128
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.86% / 53.95%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 15:30
Updated-14 Oct, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.

Action-Not Available
Vendor-dpgaspardpgaspardpgaspar
Product-flask-appbuilderFlask-AppBuilderflask-appbuilder
CWE ID-CWE-287
Improper Authentication
CVE-2024-23255
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.67% / 47.54%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmacOSiOS and iPadOSiosipadosmacos
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2007-1966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.24% / 65.44%
||
7 Day CHG+0.16%
Published-11 Apr, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

Action-Not Available
Vendor-exv2n/a
Product-content_management_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-21638
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.66% / 73.74%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 21:44
Updated-03 Jun, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IPAM solution Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Action-Not Available
Vendor-AzureMicrosoft Corporation
Product-azure_ipamipam
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-287
Improper Authentication
CVE-2024-1735
Matching Score-4
Assigner-LY Corporation
ShareView Details
Matching Score-4
Assigner-LY Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.83% / 53.19%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 07:25
Updated-26 Aug, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Action-Not Available
Vendor-linecorpLINE Corporationlinecorp
Product-armeriaArmeriaarmeria
CWE ID-CWE-287
Improper Authentication
CVE-2023-40260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 40.66%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.

Action-Not Available
Vendor-empoweridn/a
Product-empoweridn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-7958
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.4||HIGH
EPSS-1.11% / 61.87%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-espace_7950_firmwareespace_7950eSpace 7950
CWE ID-CWE-287
Improper Authentication
CVE-2018-7236
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.1||HIGH
EPSS-1.34% / 67.88%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-287
Improper Authentication
CVE-2024-10474
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus for iOSfocus_for_ios
CWE ID-CWE-287
Improper Authentication
CVE-2023-5376
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-8.6||HIGH
EPSS-1.41% / 69.47%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:44
Updated-08 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TFTP Without Authentication

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

Action-Not Available
Vendor-korenixKorenix
Product-jetnet_7628x-4f-eujetnet_4508jetnet_6528gf-2ac-us_firmwarejetnet_6910g-m12_hvdc_firmwarejetnet_5612g-4fjetnet_7628xp-4f-eu_firmwarejetnet_6628x-4f-eujetnet_4508-wjetnet_4508f-mw_firmwarejetnet_6528gf-2dc48jetnet_6828gf-ac-dc24-us_firmwarejetnet_6528gf-ac-eu_firmwarejetnet_7628xp-4f-usjetnet_4508if-s_firmwarejetnet_6528gf-2dc48_firmwarejetnet_4508if-m_firmwarejetnet_7628xp-4f-us_firmwarejetnet_7628xp-4f-eujetnet_4508f-sw_firmwarejetnet_4508f-swjetnet_4508f-mwjetnet_6828gf-2ac-aujetnet_6910g-m12_hvdcjetnet_6828gf-2dc48_firmwarejetnet_5612gp-4fjetnet_6528gf-2dc24_firmwarejetnet_4508i-w_firmwarejetnet_4508f-mjetnet_4508f-s_firmwarejetnet_6528gf-2ac-usjetnet_6828gf-2ac-eujetnet_5620g-4cjetnet_7714g-m12_hvdc_firmwarejetnet_6728g-24p-ac-2dc-usjetnet_5620g-4c_firmwarejetnet_4508if-swjetnet_6528gf-2dc24jetnet_6528gf-ac-eujetnet_5728g-24p-ac-2dc-eu_firmwarejetnet_6628xp-4f-us_firmwarejetnet_6728g-24p-ac-2dc-us_firmwarejetnet_6828gf-2dc24jetnet_4508if-sjetnet_5728g-24p-ac-2dc-us_firmwarejetnet_4508if-sw_firmwarejetnet_5612g-4f_firmwarejetnet_6628xp-4f-usjetnet_6828gf-ac-dc24-eujetnet_4508i-wjetnet_7628x-4f-eu_firmwarejetnet_7310g-v2jetnet_4508-w_firmwarejetnet_6828gf-ac-dc24-usjetnet_4508if-mwjetnet_6828gf-2ac-usjetnet_7714g-m12_hvdcjetnet_5728g-24p-ac-2dc-eujetnet_6828gf-2ac-au_firmwarejetnet_6828gf-ac-dc24-eu_firmwarejetnet_5612gp-4f_firmwarejetnet_6728g-24p-ac-2dc-eu_firmwarejetnet_6528gf-ac-usjetnet_6728g-24p-ac-2dc-eujetnet_6828gf-2dc24_firmwarejetnet_6828gf-ac-usjetnet_5310gjetnet_6628x-4f-eu_firmwarejetnet_5728g-24p-ac-2dc-usjetnet_4508if-mw_firmwarejetnet_7628x-4f-usjetnet_4508f-m_firmwarejetnet_4508_firmwarejetnet_6828gf-2ac-eu_firmwarejetnet_6828gf-ac-us_firmwarejetnet_5310g_firmwarejetnet_4508if-mjetnet_6828gf-2dc48jetnet_4508f-sjetnet_6528gf-2ac-eu_firmwarejetnet_6828gf-2ac-us_firmwarejetnet_6528gf-ac-us_firmwarejetnet_7310g-v2_firmwarejetnet_6528gf-2ac-eujetnet_7628x-4f-us_firmwareJetNet Series
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-49454
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 3.28%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 20:52
Updated-22 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was incomplete as :public_key.verify over the exclusive-C14N canonicalized SignedInfo was not performed against the configured IdP certificate's public key, DigestValue was not recomputed over the canonicalized referenced element, and canonicalize/2 remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes. A forged SignatureValue carrying an attacker-controlled NameID could be accepted as {:ok}. This issue has been fixed in version 1.2.0.

Action-Not Available
Vendor-szTheory
Product-relyra
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-3761
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-1.66% / 73.75%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-287
Improper Authentication
CVE-2023-4562
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.85% / 53.69%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 01:26
Updated-27 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-fx3g-40mt\/es_firmwarefx3g-60_mt\/dss_firmwarefx3uc-16mt\/d-p4_firmwarefx3u-48mr\/dsfx3u-48mt\/es-afx3u-32mr\/es-afx3u-48mr\/ds_firmwarefx3u-128mr\/es-afx3u-80mt\/dss_firmwarefx3uc-32mt-lt-2_firmwarefx3u-16mt\/dss_firmwarefx3s-10mt\/es_firmwarefx3g-4da-adp_firmwarefx3s-10mt\/dssfx3u-32mr\/dsfx3u-128mt\/es-afx3g-4da-pnk-adpfx3g-24mt\/es_firmwarefx3s-20mt\/dsfx3u-32mt\/dsfx3g-40_mt\/es_firmwarefx3u-80mt\/esfx3s-14mt\/dssfx3u-enet-p502_firmwarefx3g-14_mt\/dssfx3s-10mt\/dss_firmwarefx3sa-10mr-cmfx3gc_firmwarefx3g-14mr\/es-a_firmwarefx3u-16mr\/es-afx3g-4da-pnk-adp_firmwarefx3g-232adp\(-mb\)fx3uc-16mt\/dfx3s-30mt\/ess-2ad_firmwarefx3g-232adp\(-mb\)_firmwarefx3ge-24mr\/es_firmwarefx3g-24mt\/essfx3s-20mt\/dss_firmwarefx3u-64mt\/essfx3uc-32mt\/dss_firmwarefx3u-128mt\/es_firmwarefx3s-20mt\/es_firmwarefx3g-14_mr\/ds_firmwarefx3s-10mt\/ess_firmwarefx3g-40mt\/ess_firmwarefx3u-80mr\/es-afx3g-40mt\/essfx3u-32ms\/es_firmwarefx3u-64mr\/ua1_firmwarefx3g-24mt\/dss_firmwarefx3g-40_mt\/dss_firmwarefx3s-20mt\/esfx3u-32mr\/ua1fx3u-128mr\/es_firmwarefx3uc-16mt\/d_firmwarefx3s-10mt\/esfx3u-32mr\/ds_firmwarefx3g-14mt\/essfx3u-16mt\/esfx3ga-40mt-cm_firmwarefx3g-cnv-adp_firmwarefx3g-60mr\/es-a_firmwarefx3s-14mr\/ds_firmwarefx3ge-40mr\/dsfx3ge-40mr\/esfx3s-30mt\/es_firmwarefx3u-32mt\/es_firmwarefx3u-16mr\/ds_firmwarefx3s-14mt\/esfx3uc_firmwarefx3uc-64mt\/dss_firmwarefx3ge-24mr\/esfx3u-32mr\/es-a_firmwarefx3u-80mt\/dsfx3u-32mt\/es-afx3g-40_mt\/ds_firmwarefx3ge-24mt\/essfx3uc-96mt\/dss_firmwarefx3g-14_mr\/dsfx3ge-24mr\/ds_firmwarefx3sa-14mt-cm_firmwarefx3gcfx3g-60_mr\/ds_firmwarefx3g-60mr\/dsfx3g-14mr\/es-afx3g-40mr\/dsfx3u-16mt\/es_firmwarefx3ga-40mt-cmfx3s-20mr\/ds_firmwarefx3ge-24mt\/dss_firmwarefx3ge-40mr\/es_firmwarefx3u-16mr\/dsfx3s-10mr\/es_firmwarefx3g-60_mt\/dsfx3ucfx3sa-30mr-cm_firmwarefx3ge-40mt\/essfx3sa-20mt-cmfx3uc-16mr\/ds-t_firmwarefx3uc-96mt\/d_firmwarefx3sa-20mr-cm_firmwarefx3g-24mt\/es-a_firmwarefx3g-14mr\/dsfx3s-14mt\/essfx3u-128mr\/es-a_firmwarefx3ga-60mt-cmfx3g-60mt\/es-a_firmwarefx3u-32mt\/ess_firmwarefx3u-80mr\/ds_firmwarefx3g-14_mt\/ess_firmwarefx3uc-32mt\/dssfx3uc-16mr\/ds-tfx3g-4ad-adpfx3u-16mt\/es-a_firmwarefx3u-32mt\/dss_firmwarefx3g-24mt\/ds_firmwarefx3s-10mr\/dsfx3g-40mr\/es-a_firmwarefx3uc-16mt\/d-p4fx3g-60_mt\/ess_firmwarefx3u-48mt\/ds_firmwarefx3g-24_mr\/dsfx3g-24_mt\/dsfx3g-4ad-ptw-adpfx3g-60_mt\/essfx3uc-16mt\/dss-p4fx3u-64mt\/es_firmwarefx3sa-14mr-cmfx3u-16mr\/esfx3u-48mr\/esfx3uc-32mt-ltfx3sa-30mr-cmfx3s-30mt\/ds_firmwarefx3g-40_mr\/dsfx3u-48mt\/dssfx3g-24mt\/ess_firmwarefx3u-80mt\/es-a_firmwarefx3u-80mt\/es-afx3g-60mt\/essfx3uc-16mr\/d-t_firmwarefx3u-80mr\/dsfx3s-10mt\/dsfx3u-16mt\/ess_firmwarefx3u-64mt\/ds_firmwarefx3u-48mr\/es_firmwarefx3u-64mr\/ds_firmwarefx3uc-64mt\/dfx3g-60_mt\/esfx3u-64ms\/esfx3g-24_mt\/ds_firmwarefx3s-14mt\/es_firmwarefx3ge-40mr\/ds_firmwarefx3g-60mt\/esfx3g-40_mt\/dsfx3g-14_mr\/esfx3g-24_mt\/dss_firmwarefx3g-24_mt\/es_firmwarefx3g-60_mr\/es_firmwarefx3g-40mt\/dssfx3ge-24mt\/es_firmwarefx3u-48mr\/es-a_firmwarefx3g-60mt\/es_firmwarefx3s-30mt\/dssfx3u-128mr\/esfx3g-14mt\/ds_firmwarefx3u-64mr\/es-a_firmwarefx3gc-32mt\/dssfx3u-48mt\/essfx3u-16mt\/es-afx3u-64mr\/es-afx3g-40mt\/dss_firmwarefx3u-enet-p502fx3g-485adp\(-mb\)_firmwarefx3u-64mt\/dss_firmwarefx3ge-24mr\/dsfx3sa-10mr-cm_firmwarefx3sa-14mt-cmfx3u-64mt\/dssfx3g-60_mr\/dsfx3g-60_mr\/esfx3ge-24mt\/esfx3ge-24mt\/ds_firmwarefx3ge-40mt\/ess_firmwarefx3s-30mr\/ds_firmwarefx3g-3a-adp_firmwarefx3g-14mt\/ess_firmwarefx3g-14mt\/es-a_firmwarefx3u-48mt\/esfx3u-80mr\/es_firmwarefx3g-24mr\/dsfx3u-48mt\/dsfx3s-10mt\/ds_firmwarefx3s-14mr\/dsfx3g-60_mt\/es_firmwarefx3g-40_mt\/dssfx3s-20mr\/dsfx3ge-24mt\/dssfx3g-32_mt\/dss_firmwarefx3ga-40mr-cmfx3ge-40mt\/dssfx3uc-16mt\/dssfx3u-32mt\/es-a_firmwarefx3s-30mr\/dsfx3u-enet_firmwarefx3g-14_mt\/dss_firmwarefx3g-60_mt\/ds_firmwarefx3sa-30mt-cm_firmwarefx3g-4ad-pt-adpfx3s-20mt\/ess_firmwarefx3s-30mt\/es-2adfx3u-32mr\/esfx3s-20mt\/ds_firmwarefx3s-30mt\/esfx3g-14_mt\/dsfx3g-24_mt\/ess_firmwarefx3g-40mt\/es-a_firmwarefx3sa-10mt-cm_firmwarefx3u-48mt\/es-a_firmwarefx3g-14mr\/ds_firmwarefx3sa-20mr-cmfx3g-14mt\/dsfx3g-60mr\/ds_firmwarefx3s-30mt\/essfx3g-24mt\/dssfx3g-24_mt\/essfx3u-enet-l_firmwarefx3s-14mt\/dss_firmwarefx3ge-40mt\/esfx3s-30mt\/ess-2adfx3g-14_mt\/es_firmwarefx3s-14mt\/dsfx3g-40mr\/es_firmwarefx3uc-32mt\/dfx3uc-96mt\/dfx3g-40_mr\/es_firmwarefx3u-64mt\/dsfx3u-48mt\/ess_firmwarefx3u-80mt\/ds_firmwarefx3g-24_mr\/ds_firmwarefx3ga-60mt-cm_firmwarefx3g-14_mt\/ds_firmwarefx3g-24mt\/es-afx3u-64ms\/es_firmwarefx3g-14mr\/es_firmwarefx3ge-24mt\/dsfx3u-80mr\/es-a_firmwarefx3sa-20mt-cm_firmwarefx3g-14_mr\/es_firmwarefx3s-30mr\/esfx3s-14mt\/ess_firmwarefx3s-30mt\/dss_firmwarefx3u-128mt\/ess_firmwarefx3s-30mt\/dsfx3u-80mt\/ess_firmwarefx3uc-32mt\/d_firmwarefx3s-30mt\/ess_firmwarefx3g-60mr\/es-afx3g-14mt\/es-afx3u-64mt\/ess_firmwarefx3g-4ad-adp_firmwarefx3s-20mr\/esfx3ge-40mt\/dss_firmwarefx3g-4ad-tc-adpfx3u-32ms\/esfx3u-enetfx3ga-24mt-cm_firmwarefx3u-48mt\/dss_firmwarefx3u-64mr\/es_firmwarefx3s-14mr\/esfx3uc-16mr\/d-tfx3uc-16mt\/dss_firmwarefx3g-14_mt\/essfx3u-32mr\/es_firmwarefx3g-40mt\/esfx3u-64mr\/esfx3g-40mr\/ds_firmwarefx3g-3a-adpfx3g-60mr\/es_firmwarefx3g-40mt\/ds_firmwarefx3g-4ad-pt-adp_firmwarefx3u-128mt\/es-a_firmwarefx3g-14mt\/dssfx3u-48mr\/es-afx3uc-64mt\/dssfx3g-14mt\/esfx3u-32mt\/esfx3g-24_mr\/es_firmwarefx3u-32mr\/ua1_firmwarefx3ge-24mt\/ess_firmwarefx3g-32_mt\/dssfx3g-40_mt\/esfx3g-24mr\/es-afx3g-cnv-adpfx3g-14mr\/esfx3g-4ad-ptw-adp_firmwarefx3ga-60mr-cmfx3g-24mr\/ds_firmwarefx3ge-40mt\/ds_firmwarefx3g-40_mr\/ds_firmwarefx3u-64mr\/dsfx3s-30mt\/es-2ad_firmwarefx3u-80mt\/es_firmwarefx3u-128mt\/esfx3g-40mt\/dsfx3g-40_mr\/esfx3uc-16mt\/dss-p4_firmwarefx3g-60mr\/esfx3g-24mt\/dsfx3u-64mt\/esfx3s-10mt\/essfx3s-10mr\/ds_firmwarefx3g-40mr\/es-afx3u-32mt\/dssfx3u-64mr\/ua1fx3gc-32mt\/dss_firmwarefx3u-80mt\/essfx3s-30mr\/es-2ad_firmwarefx3u-16mt\/ds_firmwarefx3u-16mt\/dsfx3g-60mt\/dss_firmwarefx3g-24mt\/esfx3sa-30mt-cmfx3u-16mt\/dssfx3s-20mt\/essfx3g-60mt\/dssfx3uc-32mt-lt-2fx3ga-60mr-cm_firmwarefx3gc-32mt\/dfx3g-40mt\/es-afx3s-30mr\/es_firmwarefx3g-485adp\(-mb\)fx3u-128mt\/essfx3s-20mt\/dssfx3g-24_mt\/dssfx3g-40mr\/esfx3g-4ad-tc-adp_firmwarefx3s-14mt\/ds_firmwarefx3g-60_mt\/dssfx3u-80mt\/dssfx3ga-24mt-cmfx3sa-10mt-cmfx3ga-24mr-cm_firmwarefx3gc-32mt\/d_firmwarefx3u-48mt\/es_firmwarefx3ga-24mr-cmfx3g-24mr\/es-a_firmwarefx3u-32mt\/ds_firmwarefx3ge-40mt\/dsfx3g-24_mr\/esfx3g-40_mt\/ess_firmwarefx3g-24_mt\/esfx3ga-40mr-cm_firmwarefx3ge-40mt\/es_firmwarefx3u-64mt\/es-afx3u-16mt\/essfx3g-4da-adpfx3u-64mt\/es-a_firmwarefx3g-14mt\/dss_firmwarefx3g-60mt\/ess_firmwarefx3g-14mt\/es_firmwarefx3sa-14mr-cm_firmwarefx3g-24mr\/es_firmwarefx3u-16mr\/es_firmwarefx3s-14mr\/es_firmwarefx3g-40_mt\/essfx3uc-64mt\/d_firmwarefx3uc-32mt-lt_firmwarefx3uc-96mt\/dssfx3g-24mr\/esfx3g-60mt\/dsfx3u-80mr\/esfx3u-16mr\/es-a_firmwarefx3g-60mt\/es-afx3g-14_mt\/esfx3g-60mt\/ds_firmwarefx3s-10mr\/esfx3s-20mr\/es_firmwarefx3s-30mr\/es-2adfx3u-enet-lfx3u-32mt\/essMELSEC-F Series FX3U-80MT/ES-AMELSEC-F Series FX3UC-16MT/DMELSEC-F Series FX3U-48MR/ES-AMELSEC-F Series FX3U-128MR/ES-AMELSEC-F Series FX3U-80MT/ESMELSEC-F Series FX3S-10MR/ESMELSEC-F Series FX3U-128MT/DSMELSEC-F Series FX3U-64MR/UA1MELSEC-F Series FX3U-80MR/ESMELSEC-F Series FX3U-80MT/ESSMELSEC-F Series FX3SA-30MR-CMMELSEC-F Series FX3U-16MT/ESMELSEC-F Series FX3G-24MT/ESMELSEC-F Series FX3U-32MR/DSMELSEC-F Series FX3U-48MR/ESMELSEC-F Series FX3U-32MR/UA1MELSEC-F Series FX3GA-60MR-CMMELSEC-F Series FX3GE-40MT/DSMELSEC-F Series FX3G-60MT/ESMELSEC-F Series FX3G-40MT/DSMELSEC-F Series FX3G-24MT/DSMELSEC-F Series FX3GA-40MR-CMMELSEC-F Series FX3GA-60MT-CMMELSEC-F Series FX3G-40MR/ESMELSEC-F Series FX3U-64MT/ESSMELSEC-F Series FX3UC-64MT/DSSMELSEC-F Series FX3S-10MT/DSMELSEC-F Series FX3U-128MT/ESMELSEC-F Series FX3G-24MR/ESMELSEC-F Series FX3G-24MR/ES-AMELSEC-F Series FX3U-80MR/ES-AMELSEC-F Series FX3G-14MR/ES-AMELSEC-F Series FX3U-48MT/ES-AMELSEC-F Series FX3S-14MT/ESMELSEC-F Series FX3U-32MR/ESMELSEC-F Series FX3G-14MT/DSMELSEC-F Series FX3G-40MT/ES-AMELSEC-F Series FX3SA-14MT-CMMELSEC-F Series FX3GE-40MR/ESMELSEC-F Series FX3U-128MT/ESSMELSEC-F Series FX3S-14MR/ESMELSEC-F Series FX3G-60MR/ESMELSEC-F Series FX3GE-24MT/DSSMELSEC-F Series FX3U-80MT/DSSMELSEC-F Series FX3GE-40MT/DSSMELSEC-F Series FX3U-48MT/ESSMELSEC-F Series FX3SA-10MT-CMMELSEC-F Series FX3U-32MT/DSMELSEC-F Series FX3U-16MT/DSSMELSEC-F Series FX3S-14MT/DSMELSEC-F Series FX3G-40MR/ES-AMELSEC-F Series FX3S-30MT/DSMELSEC-F Series FX3UC-32MT/DMELSEC-F Series FX3U-64MR/DSMELSEC-F Series FX3GE-40MT/ESSMELSEC-F Series FX3S-10MT/ESSMELSEC-F Series FX3G-24MT/ESSMELSEC-F Series FX3S-20MR/ESMELSEC-F Series FX3SA-20MT-CMMELSEC-F Series FX3S-30MT/DSSMELSEC-F Series FX3G-14MT/ESMELSEC-F Series FX3SA-20MR-CMMELSEC-F Series FX3GE-24MT/DSMELSEC-F Series FX3G-60MT/ES-AMELSEC-F Series FX3G-24MT/DSSMELSEC-F Series FX3U-16MR/ES-AMELSEC-F Series FX3U-48MT/ESMELSEC-F Series FX3G-60MT/DSMELSEC-F Series FX3UC-32MT/DSSMELSEC-F Series FX3UC-16MR/DS-TMELSEC-F Series FX3U-64MS/ESMELSEC-F Series FX3S-30MR/DSMELSEC-F Series FX3S-20MR/DSMELSEC-F Series FX3S-20MT/ESMELSEC-F Series FX3UC-32MT-LTMELSEC-F Series FX3G-60MR/DSMELSEC-F Series FX3UC-16MT/D-P4MELSEC-F Series FX3U-32MT/ESSMELSEC-F Series FX3G-24MR/DSMELSEC-F Series FX3U-48MR/DSMELSEC-F Series FX3U-128MR/ESMELSEC-F Series FX3S-30MT/ESMELSEC-F Series FX3S-10MR/DSMELSEC-F Series FX3U-64MT/DSMELSEC-F Series FX3G-60MT/ESSMELSEC-F Series FX3S-10MT/ESMELSEC-F Series FX3U-64MR/ESMELSEC-F Series FX3G-14MT/ESSMELSEC-F Series FX3U-64MT/DSSMELSEC-F Series FX3U-32MS/ESMELSEC-F Series FX3S-20MT/ESSMELSEC-F Series FX3UC-96MT/DMELSEC-F Series FX3G-60MT/DSSMELSEC-F Series FX3U-32MT/DSSMELSEC-F Series FX3U-64MT/ESMELSEC-F Series FX3SA-14MR-CMMELSEC-F Series FX3U-32MT/ES-AMELSEC-F Series FX3U-80MT/DSMELSEC-F Series FX3U-64MT/ES-AMELSEC-F Series FX3U-128MT/ES-AMELSEC-F Series FX3GE-24MR/ESMELSEC-F Series FX3U-128MR/DSMELSEC-F Series FX3U-64MR/ES-AMELSEC-F Series FX3U-48MT/DSSMELSEC-F Series FX3U-16MR/DSMELSEC-F Series FX3G-60MR/ES-AMELSEC-F Series FX3S-20MT/DSSMELSEC-F Series FX3U-128MT/DSSMELSEC-F Series FX3S-30MR/ESMELSEC-F Series FX3U-48MT/DSMELSEC-F Series FX3GA-24MR-CMMELSEC-F Series FX3S-30MT/ESSMELSEC-F Series FX3UC-96MT/DSSMELSEC-F Series FX3G-14MR/ESMELSEC-F Series FX3SA-30MT-CMMELSEC-F Series FX3U-16MR/ESMELSEC-F Series FX3UC-16MT/DSS-P4MELSEC-F Series FX3GE-40MT/ESMELSEC-F Series FX3G-14MR/DSMELSEC-F Series FX3U-32MR/ES-AMELSEC-F Series FX3U-16MT/ESSMELSEC-F Series FX3U-80MR/DSMELSEC-F Series FX3S-30MR/ES-2ADMELSEC-F Series FX3GA-40MT-CMMELSEC-F Series FX3G-40MT/DSSMELSEC-F Series FX3GC-32MT/DMELSEC-F Series FX3UC-16MT/DSSMELSEC-F Series FX3GE-24MT/ESSMELSEC-F Series FX3GE-24MR/DSMELSEC-F Series FX3G-40MR/DSMELSEC-F Series FX3SA-10MR-CMMELSEC-F Series FX3S-20MT/DSMELSEC-F Series FX3G-14MT/DSSMELSEC-F Series FX3G-24MT/ES-AMELSEC-F Series FX3U-16MT/DSMELSEC-F Series FX3G-14MT/ES-AMELSEC-F Series FX3S-14MT/DSSMELSEC-F Series FX3G-40MT/ESMELSEC-F Series FX3S-30MT/ES-2ADMELSEC-F Series FX3GC-32MT/DSSMELSEC-F Series FX3S-10MT/DSSMELSEC-F Series FX3UC-16MR/D-TMELSEC-F Series FX3GE-40MR/DSMELSEC-F Series FX3GE-24MT/ESMELSEC-F Series FX3UC-32MT-LT-2MELSEC-F Series FX3U-16MT/ES-AMELSEC-F Series FX3S-14MT/ESSMELSEC-F Series FX3S-14MR/DSMELSEC-F Series FX3UC-64MT/DMELSEC-F Series FX3S-30MT/ESS-2ADMELSEC-F Series FX3G-40MT/ESSMELSEC-F Series FX3GA-24MT-CMMELSEC-F Series FX3U-32MT/ES
CWE ID-CWE-287
Improper Authentication
CVE-2023-43551
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 16.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Multi-Mode Call Processor

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_3100_firmwaresdm429w_firmwareqcm8550_firmwareapq8017sd865_5gqcs410_firmwarerobotics_rb3sw5100psxr1120qcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_7c_gen_2_compute_firmwaresnapdragon_670_mobileqca4004qca6696snapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_208_firmwaresnapdragon_750g_5g_mobilesnapdragon_780g_5g_mobilesnapdragon_685_4g_mobilevision_intelligence_200_firmwaresnapdragon_x50_5g_modem-rf_firmwaresnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_auto_4g_modemsnapdragon_665_mobile_firmwaresc8180xp-aaab9205_lte_modemqca6574au_firmwaresnapdragon_690_5g_mobile_firmware9207_lte_modem_firmwarewcd9341sd626_firmwaresnapdragon_wear_1300qca6574ausnapdragon_820_automotive205_mobilesnapdragon_888\+_5g_mobile_firmwaresnapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarewcd9390csra6640snapdragon_212_mobilemsm8209_firmwaresnapdragon_778g_5g_mobile_firmwaresc8180xp-acafsnapdragon_850_mobile_computewcn3660b_firmwaresd730snapdragon_820_automotive_firmwarefastconnect_6800_firmwareqcs5430snapdragon_690_5g_mobile9207_lte_modemsd835_firmwareqcn6024_firmwaresnapdragon_636_mobile_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_712_mobile_firmwareqcm6125_firmwarec-v2x_9150snapdragon_678_mobile_firmwaresnapdragon_425_mobileqcc710snapdragon_1100_wearable_firmwaresnapdragon_xr2_5g_firmwaremdm9615msm8108snapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwaresnapdragon_wear_4100\+315_5g_iot_modem_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqfw7114snapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200315_5g_iot_modemqca6310wcd9360qca6335snapdragon_x65_5g_modem-rfqcs4490snapdragon_730_mobilesnapdragon_wear_3100mdm9250snapdragon_680_4g_mobilewsa8845qca6421_firmwareqcm6125snapdragon_212_mobile_firmwaremdm9230sc8180x-adqca6564au_firmwaresd820snapdragon_429_mobile_firmwarewsa8810mdm8207snapdragon_835_mobilesnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_wear_2500snapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwarewcd9326_firmwaresnapdragon_845_mobile_firmwaremdm9640_firmwarewsa8840mdm9230_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwarewcd9371_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqts110wcn3910_firmwaresnapdragon_460_mobilesnapdragon_8_gen_2_mobileqca6420qca6174_firmwarewcn3910mdm9205s_firmwarewcd9370_firmwarecsrb31024qca9367mdm9250_firmwaresnapdragon_712_mobilesnapdragon_835_mobile_firmwarewcn3660bqca6574asnapdragon_8\+_gen_2_mobilewcn3620_firmwareqca6174aqca6584_firmwarewcd9340qcm2290snapdragon_1200_wearable_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobileqcn9024vision_intelligence_300_firmwareqca6574215_mobilesd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresdx57msmart_audio_400qcn9024_firmwarewsa8845hwcd9326qcs410qcm2290_firmwarevision_intelligence_100snapdragon_630_mobileqca6564asnapdragon_765g_5g_mobile_firmwaresnapdragon_wear_2100_firmwarewsa8830smart_display_200_firmwaresm8550psnapdragon_wear_2100snapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computesc8180x\+sdx55_firmwarear8035msm8996ausnapdragon_208snapdragon_7c_compute_firmwarewcn3620qcm4325qcn6224snapdragon_865\+_5g_mobile_firmwaresnapdragon_x5_lte_modemsnapdragon_429_mobilesc8180x\+sdx55qca6698aqwcn3950_firmwaresm6250mdm9205ssnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsm7325p_firmwarewcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_210_firmwaresnapdragon_660_mobile_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_855_mobileqcs6490snapdragon_210snapdragon_695_5g_mobilesc8180xp-acaf_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqcn6224_firmwarevision_intelligence_100_firmwareqca6431wsa8845_firmwaresd660_firmwarewsa8832mdm9330_firmwaresnapdragon_auto_4g_modem_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresc8180xp-aaab_firmwaremdm9630snapdragon_778g\+_5g_mobile205_mobile_firmwareqca6320msm8608_firmwaresd888_firmwaremsm8209wcd9306qca6564auqcs6125_firmwaresnapdragon_1100_wearablesnapdragon_425_mobile_firmwaresnapdragon_wear_1300_firmwaresm6250p_firmwaresc8180xp-adar6003wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290sd_455_firmwaremsm8608sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwarewcn3680_firmwareqcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobileqca4004_firmwaresnapdragon_778g\+_5g_mobile_firmwareapq8037smart_audio_400_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresmart_audio_200_firmwaresnapdragon_678_mobilesnapdragon_720g_mobilesd_455sm7250pcsrb31024_firmwaresc8180x-acafsm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqca6584ausd888qca6320_firmwareqcn6274_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_wear_2500_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilesd626fastconnect_6800qfw7114_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarewcd9371mdm9630_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380smart_audio_200snapdragon_xr2_5gsnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_1200_wearablesnapdragon_auto_5g_modem-rf_firmwaresc8180x-aaabsc8180x-aaab_firmwaresw5100video_collaboration_vc3_platformaqt1000wcd9306_firmwaresnapdragon_4_gen_1_mobile_firmware215_mobile_firmwarec-v2x_9150_firmwaresd855qca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmware9205_lte_modem_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqcs2290_firmwaremsm8909w_firmwaresnapdragon_8_gen_1_mobilewcn3615qca9367_firmwaresnapdragon_630_mobile_firmwarewcd9330mdm8207_firmwaresnapdragon_680_4g_mobile_firmwarewcn3680wcn3610_firmwareqcs4290wcd9390_firmwaresnapdragon_865\+_5g_mobilesd820_firmwareqca6430snapdragon_855\+_mobilesg8275psm6250psnapdragon_765_5g_mobilesnapdragon_860_mobilesdx55_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfwcn3615_firmwaresxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcm4490csra6640_firmwaresnapdragon_480\+_5g_mobile_firmwareqca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_x50_5g_modem-rfapq8037_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436snapdragon_x70_modem-rfwcn3980_firmwaresnapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqcn6274qfw7124qca6595au_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwaresnapdragon_430_mobile_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqca9377mdm9628_firmwaresnapdragon_x75_5g_modem-rfqcm4325_firmwaresnapdragon_439_mobile_firmware9206_lte_modemqca6574a_firmwaresdx55snapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675wcd9375_firmwareqca6391snapdragon_710_mobileqts110_firmwaremdm9615_firmwareqcs5430_firmwaresnapdragon_439_mobilesg4150p_firmwareqca6584csra6620_firmwareqcs8550fastconnect_7800sd865_5g_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_xr1wcd9375vision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwaresnapdragon_430_mobilesnapdragon_636_mobilesd_675snapdragon_8\+_gen_1_mobile_firmwarevision_intelligence_400wsa8835_firmwaresmart_display_200ar6003_firmwarewcn3980qca6584au_firmwaremdm9330msm8909wwcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm2290_firmwareqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwaremdm9640_firmwaremsm8996au_firmware315_5g_iot_modem_firmwareqcs2290_firmwareqca6431_firmwaremdm9628_firmwareqcn6224_firmwaremsm8909w_firmwaresd670_firmwaremdm9205s_firmwareqca6420_firmwareqca6595au_firmwareqca6174_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwareqca6584au_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwaremsm8108_firmwareqca6335_firmwareqcn6024_firmwareqcm4325_firmwareqca6574_firmwareqca6584_firmwareqca6426_firmwaremdm9230_firmwareqca6320_firmwareqca6574a_firmwareqca6574au_firmwarefastconnect_6200_firmwareqca8081_firmwareqca6436_firmwareqca6421_firmware9205_lte_modem_firmwareaqt1000_firmwareqca6564au_firmwarear6003_firmwareqca9367_firmwareqcm8550_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwarecsrb31024_firmwareqcm6490_firmwarefastconnect_6900_firmwarerobotics_rb3_platform_firmwareqca4004_firmwareqcs8550_firmware9206_lte_modem_firmwarefastconnect_6700_firmwareqca6564a_firmwareapq8017_firmwaresd626_firmwareqcn9024_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcs610_firmwareqca6698aq_firmwaremsm8209_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarequalcomm_205_mobile_platform_firmware9207_lte_modem_firmwareqca6696_firmwareqcs6490_firmwaremdm8207_firmwareqcs5430_firmwaresd820_firmwareqca6391_firmwaremsm8608_firmwaresd888_firmwareqcc710_firmwaremdm9330_firmwaresd855_firmwaresd865_5g_firmwaremdm9615_firmwareapq8037_firmwaresd660_firmwarefastconnect_6800_firmwareqcs410_firmwareqfw7124_firmwaremdm9630_firmwarear8035_firmwareqcm6125_firmwareqts110_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2026-44196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.64%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:40
Updated-14 May, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pingvin Share X: TOTP Authentication Bypass via Password-only Login

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.

Action-Not Available
Vendor-smp46
Product-pingvin-share-x
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2026-44351
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 14.57%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 19:12
Updated-14 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an empty string (''), for example via the common keys[decoded.header.kid] || '' JWKS-style fallback, fast-jwt converts it to a zero-length Buffer, hands it to crypto.createSecretKey, derives allowedAlgorithms = ['HS256','HS384','HS512'] from it, and then verifies the token's signature against an empty-key HMAC. The attacker simply computes HMAC-SHA256(key='', input='${header}.${payload}'), which Node accepts without complaint — and the verifier returns the attacker-chosen payload (sub, admin, scopes, etc.) as authentic. This vulnerability is fixed in 6.2.4.

Action-Not Available
Vendor-nearform
Product-fast-jwt
CWE ID-CWE-1391
Use of Weak Credentials
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2026-44551
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.46% / 70.39%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 19:59
Updated-19 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: LDAP Empty Password Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-287
Improper Authentication
CVE-2024-8956
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-60.88% / 99.04%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 19:59
Updated-22 Nov, 2025 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-11-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

Action-Not Available
Vendor-PTZOptics
Product-pt30x-sdipt30x-sdi_firmwarept30x-ndi-xx-g2pt30x-ndi-xx-g2_firmwarePT30X-NDIPT30X-SDIpt30x-ndi-xx-g2_firmwarept30x-sdi_firmwarePT30X-SDI/NDI Cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2023-37471
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.02% / 59.22%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 16:53
Updated-24 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details.

Action-Not Available
Vendor-openidentityplatformOpenIdentityPlatform
Product-openamOpenAM
CWE ID-CWE-287
Improper Authentication
CVE-2026-42560
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.42% / 33.52%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 04:15
Updated-11 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a single local identity. Any application that trusts token.User.ID as the stable account key can end up mixing or fully merging unrelated Patreon users, which can lead to cross-account access, privilege confusion, and subscription-state leakage. This issue has been patched in versions 1.25.2 and 2.1.2.

Action-Not Available
Vendor-go-pkgz
Product-auth
CWE ID-CWE-287
Improper Authentication
CVE-2025-21450
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.29% / 20.92%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:49
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in GPS_GNSS

Cryptographic issue occurs due to use of insecure connection method while downloading.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwarewcn6650wsa8845_firmwareqcm8550_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresnapdragon_7c\+_gen_3snapdragon_480_5g_mobilesw5100psm7675pqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcn7880_firmwarewcn7860_firmwaresnapdragon_778g\+_5g_mobilewcd9340_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024snapdragon_x62_5g_modem-rfwcn6450qcc710_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700sm4635snapdragon_782g_mobile_firmwarewsa8815_firmwarewsa8832_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfsm6370sm4635_firmwareqcm4490_firmwareqca6574auwcd9390wcn3950snapdragon_888\+_5g_mobile_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_778g_5g_mobile_firmwaresm8650q_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresdx80mqcs5430snapdragon_778g\+_5g_mobile_firmwarewcn7860qcn6024_firmwareqcm5430qcm5430_firmwareqca6584auqcn6274_firmwarewcn6755_firmwareqcc710qcn9011_firmwaresnapdragon_x32_5g_modem-rf_firmwaresw5100_firmwarewcn6650_firmwaresnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sm8635qfw7114sm8635_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wcd9360sdx61wcn7880snapdragon_x65_5g_modem-rfwcn6755qcs4490wsa8845snapdragon_auto_5g_modem-rf_firmwarewsa8810wcn7881sm6650sw5100snapdragon_888_5g_mobile_firmwareqca6595auvideo_collaboration_vc3_platformsnapdragon_888_5g_mobilesnapdragon_4_gen_1_mobile_firmwaresm6650pwsa8840qca6688aqqcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqca6698auqfw7124_firmwarewcd9385qca6698aq_firmwaresm8750pqcn9012snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresm8635pwcd9390_firmwaresnapdragon_x62_5g_modem-rf_firmwareqep8111_firmwaresg8275pwcd9370_firmwaresdx55_firmwaresm8750_firmwaresnapdragon_auto_5g_modem-rfqca6574asm7635p_firmwaresnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcn7861_firmwareqca6174a_firmwarewcn7861qcm6490sm7325pwcn3988qcm8550qcs6490_firmwaresm6370_firmwaresm6650_firmwareqcn9024wcn3980_firmwareqca6584au_firmwareqcn6274qfw7124snapdragon_w5\+_gen_1_wearablewsa8835qca6595au_firmwarewsa8840_firmwareqca6391_firmwareqca6698au_firmwaresw5100p_firmwareqcn9011qca6696_firmwarewsa8845hqcn9024_firmwarewcd9380_firmwaresm8650qwsa8815qca8081sd_8_gen1_5gwsa8830qca6797aqsnapdragon_x75_5g_modem-rfsm7675_firmwarear8035qca6574a_firmwaresdx55sm7635_firmwaresnapdragon_4_gen_1_mobilesm7635pwcn6450_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwaresnapdragon_7c\+_gen_3_firmwareqca6391qcn6224qcn9012_firmwareqcs5430_firmwareqca6698aqwcn3950_firmwaresm7635snapdragon_x32_5g_modem-rfqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sm7325p_firmwarewcd9360_firmwarewcd9378snapdragon_480_5g_mobile_firmwaresm8635p_firmwareqca6688aq_firmwaresm6650p_firmwaresm8750p_firmwarewcd9375wcn3988_firmwarefastconnect_6700_firmwaresm7675video_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaresdx80m_firmwaresnapdragon_x75_5g_modem-rf_firmwarewcn3980qcs6490sm7675p_firmwaresnapdragon_695_5g_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwaresnapdragon_8_gen_3_mobilewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-40910
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.51%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:09
Updated-29 Apr, 2026 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses credentials from the regular Authorization header. As a result, an attacker who can reach the HTTP vhost entrypoint and knows or can guess the protected routeByHTTPUser value may access a backend protected by httpUser / httpPassword even with an incorrect Proxy-Authorization password. This issue affects deployments that explicitly use routeByHTTPUser. It does not affect ordinary HTTP proxies that do not use this feature. This vulnerability is fixed in 0.68.1.

Action-Not Available
Vendor-fatedierfatedier
Product-frpfrp
CWE ID-CWE-287
Improper Authentication
CVE-2026-36727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 00:00
Updated-10 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-31123
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.65% / 46.60%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 20:01
Updated-29 Jan, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login`

`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually.

Action-Not Available
Vendor-effectindexeffectindex
Product-tripreportertripreporter
CWE ID-CWE-287
Improper Authentication
CVE-2026-34873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 15.16%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 00:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Action-Not Available
Vendor-trustedfirmwaren/aArm Limited
Product-mbed_tlsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-3065
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.1||CRITICAL
EPSS-0.78% / 51.52%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 08:27
Updated-08 Jan, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mobatime mobile application - Authentication bypass

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Action-Not Available
Vendor-mobatimeMobatime
Product-amxgt_100Mobatime mobile application AMXGT100
CWE ID-CWE-287
Improper Authentication
CVE-2018-18571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.81% / 84.82%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:53
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenmobile_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-35030
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.49% / 38.59%
||
7 Day CHG+0.09%
Published-06 Apr, 2026 | 16:47
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Lightspeed Core
CWE ID-CWE-222
Truncation of Security-relevant Information
CWE ID-CWE-287
Improper Authentication
CVE-2026-34727
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.28% / 19.91%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 15:45
Updated-20 Apr, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. This vulnerability is fixed in 2.3.0.

Action-Not Available
Vendor-vikunjago-vikunja
Product-vikunjavikunja
CWE ID-CWE-287
Improper Authentication
CVE-2023-29129
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.89% / 54.91%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-03 Jan, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 9.6 compatible, Upgrade Track)Mendix SAML (Mendix 9 latest compatible, New Track)Mendix SAML (Mendix 9.6 compatible, New Track)Mendix SAML (Mendix 8 compatible)Mendix SAML (Mendix 9.12/9.18 compatible, New Track)Mendix SAML (Mendix 9 latest compatible, Upgrade Track)Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track)Mendix SAML (Mendix 7 compatible)
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2023-28540
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 34.56%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Data Modem

Cryptographic issue in Data Modem due to improper authentication during TLS handshake.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm7325-ae_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qfw7124sg8275p_firmwareqca6431_firmwarewcd9360_firmwarewsa8840snapdragon_212_mobile_platformwcn3950_firmwareqcs2290qca6595au_firmwaresnapdragon_x70_modem-rf_systemsm8350csra6620_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwareapq5053-aa_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresm6375_firmwarewcn3660bsm7150-acsd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresm6225-adqca6420wcd9360snapdragon_auto_5g_modem-rf_firmwaresm6225-ad_firmwarewsa8840_firmwareqca6698aqqcs6125sd662_firmwaresm7250-ab_firmwareqca6430wcd9340sw5100qca6436qca6698aq_firmwaremsm8905wcn685x-1_firmwaresm8150_firmwarewcd9341qca6431qca6696_firmwarewcd9371wcn3910_firmwaresm4350_firmwareqcc710_firmwaresm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwaresm8475wcn6750_firmwaresm6125_firmwarewcn3610snapdragon_675_mobile_platform_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaresw5100psnapdragon_w5\+_gen_1_wearable_platformqcm8550snapdragon_7c\+_gen_3_computewcd9380qcs410snapdragon_210_processorsm7150-aa_firmwaresg8275pqca6430_firmwarewcd9335_firmwareqfw7114_firmwarewcn3980wsa8845sm7225qcm4325_firmwarewcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qca6426_firmwarewcn3660b_firmwareqcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresm7150-aasc7180-ac_firmwareqca6421_firmwaresm6350sm7125sm8475_firmwarewcn6740_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemsm7150-ab_firmwaresm8350_firmwaresnapdragon_x75_5g_modem-rf_system_firmwaresm6350_firmwarewcn785x-1_firmwareqcn9024_firmwaresdx57msnapdragon_8\+_gen_2_mobile_platformqcm4290_firmwarewsa8832sw5100p_firmwareqcs610_firmwareqcc710qcs4490sdm439_firmwarewcd9395qca6391_firmwarewcd9370_firmwareqm215_firmwaresm8550p_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresd675csra6640sm8250qfw7124_firmwarear8035_firmwareqcm2290wcn3991_firmwaresnapdragon_662_mobile_platform_firmwarewsa8830sm6125qcs2290_firmwarewcn785x-5csra6620qcn6224_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresd730_firmwarewcd9370sd675_firmwareqca6426wcn3990_firmwaresnapdragon_8_gen_2_mobile_platformsm8450sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresd662sm7325-afsnapdragon_x55_5g_modem-rf_systemmsm8905_firmwarewcn3680b_firmwaresdx55_firmwaresnapdragon_4_gen_2_mobile_platformsnapdragon_212_mobile_platform_firmwareqca6595ausm7325-af_firmwarewsa8845h_firmwareqfw7114sm7250p_firmwarewcn3615wcn3610_firmwareqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwaresnapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwaresm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqm215qca6421sm6250sm7250-aawsa8810_firmwareqcn6224sm4375_firmwaresm8450_firmwaresc7180-adwsa8845hwcd9326snapdragon_x75_5g_modem-rf_systemsg4150pwcd9335wcd9395_firmwareqca8081qcm4490qcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresm7150-abqca6390ar8035wcd9375aqt1000snapdragon_210_processor_firmwaresm6250_firmwarewcd9390snapdragon_662_mobile_platformsm8150qcm6490wsa8815_firmwarewsa8835_firmwaresm7350-absg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qcm6125_firmwareqcm4325qcm2290_firmwareapq5053-aawcn3990sd_675sd865_5gsm8350-ac_firmwaresdm439sm8150-acsd888wsa8835sc7180-ad_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresnapdragon_auto_5g_modem-rfqcn6274sm6250psnapdragon_4_gen_2_mobile_platform_firmwaresxr2130qca6574awcn685x-5_firmwaresm7325psm7325wcn6750sm7150-ac_firmwaresm7250-absd855sm7325p_firmwaresdx57m_firmwarewsa8845_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwarewcn785x-5_firmwaresm7315sd460qca6391sm8250-ab_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareaqt1000_firmwareqcm4490_firmwareqcn6274_firmwareqcm4290qcm6490_firmwarewsa8832_firmwarewcn685x-5qca6574auwcd9341_firmwareqcm6125wsa8810sm7250-aa_firmwaresm7250-acsm8550psm8150-ac_firmwarewcn3680bsm8350-acsnapdragon_675_mobile_platformwcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemwcd9390_firmwareqcn6024sm7250psw5100_firmwareqcs410_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-287
Improper Authentication
CVE-2018-15152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-25.94% / 97.73%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.

Action-Not Available
Vendor-n/aOpenEMR Foundation, Inc
Product-openemrn/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-33409
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.46% / 36.34%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 18:11
Updated-25 Mar, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server: Auth provider validation bypass on login via partial authData

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid session token. This affects Parse Server deployments where the server option allowExpiredAuthDataToken is set to true. The default value is false. This issue has been patched in versions 8.6.52 and 9.6.0-alpha.41.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-287
Improper Authentication
CVE-2026-33432
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 20:26
Updated-24 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without escaping LDAP special characters. An unauthenticated attacker can inject LDAP filter metacharacters into the username field to manipulate the search query, cause the directory to return an unintended user entry, and bypass authentication entirely — gaining access to the application without knowing any valid password. As of time of publication, no known patches are available.

Action-Not Available
Vendor-roxy-wiroxy-wi
Product-roxy-wiroxy-wi
CWE ID-CWE-287
Improper Authentication
CVE-2026-33117
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.48% / 37.90%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for Java Security Feature Bypass Vulnerability

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_javaAzure SDK for Java
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-43834
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.98% / 57.83%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 23:20
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authentication in elabftw

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

Action-Not Available
Vendor-elabftwelabftw
Product-elabftwelabftw
CWE ID-CWE-287
Improper Authentication
CVE-2026-29145
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.71% / 49.20%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 19:20
Updated-14 Apr, 2026 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcat_nativetomcatApache Tomcat NativeApache Tomcat
CWE ID-CWE-287
Improper Authentication
CVE-2021-41292
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.13% / 62.56%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 10:40
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOA BAS controller - Broken Authentication

ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.

Action-Not Available
Vendor-ecoaECOA
Product-ecs_router_controller-ecs_firmwareecs_router_controller-ecsriskbusterriskterminatorriskbuster_firmwareECS Router Controller ECS (FLASH)RiskBuster System RB 3.0.0RiskBuster System TRANE 1.0Graphic Control SoftwareRiskBuster Terminator E6L45SmartHome II E9246RiskTerminator
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2026-28215
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.46% / 36.36%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 22:34
Updated-02 Mar, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP settings by sending a single HTTP POST request with no authentication. The endpoint POST /v1/onboarding/config has no authentication guard and performs no check on whether onboarding was already completed. A successful exploit allows the attacker to replace the instance's Google/GitHub/Microsoft OAuth application credentials with their own, causing all subsequent user logins via SSO to authenticate against the attacker's OAuth app. The attacker captures OAuth tokens and email addresses of every user who logs in after the exploit. Additionally, the endpoint returns a recovery token that can be used to read all stored secrets in plaintext, including SMTP passwords and any other configured credentials. Version 2026.2.0 fixes the issue.

Action-Not Available
Vendor-hoppscotchhoppscotch
Product-hoppscotchhoppscotch
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2023-25957
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.53%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 09:31
Updated-27 Feb, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 9 latest compatible, New Track)Mendix SAML (Mendix 8 compatible)Mendix SAML (Mendix 9 latest compatible, Upgrade Track)Mendix SAML (Mendix 9.6 compatible, New Track)Mendix SAML (Mendix 9.6 compatible, Upgrade Track)Mendix SAML (Mendix 7 compatible)
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2023-44152
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 43.17%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 11:59
Updated-23 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectmacoswindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2026-27197
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 34.96%
||
7 Day CHG~0.00%
Published-21 Feb, 2026 | 04:35
Updated-24 Feb, 2026 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account.

Action-Not Available
Vendor-sentrygetsentry
Product-sentrysentry
CWE ID-CWE-287
Improper Authentication
CVE-2021-3850
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-2.17% / 80.06%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 14:20
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass by Primary Weakness in adodb/adodb

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

Action-Not Available
Vendor-adodb_projectadodbDebian GNU/Linux
Product-debian_linuxadodbadodb/adodb
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2017-20235
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 36.10%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 22:51
Updated-25 May, 2026 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProSoft Technology ICX35-HWC Authentication Bypass

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Action-Not Available
Vendor-prosoft-technologyProSoft Technology
Product-icx35-hwc_firmwareicx35-hwcICX35-HWC Cellular Gateway
CWE ID-CWE-287
Improper Authentication
CVE-2026-2418
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 14.97%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 06:00
Updated-02 Apr, 2026 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email

Action-Not Available
Vendor-Unknown
Product-Login with Salesforce
CWE ID-CWE-287
Improper Authentication
CVE-2021-30720
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.28% / 66.47%
||
7 Day CHG+0.04%
Published-08 Sep, 2021 | 13:41
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvossafarimacosmacOSiOS and iPadOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-33054
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 28.08%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in GPS HLOS Driver

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsw5100pqca6595qcs610_firmwarewcd9335wcd9370qca8081_firmwaresm7250-absnapdragon_x50_5g_modem-rf_systemqca6696wcd9340_firmwarewcd9341_firmwarewcd9395_firmware8998qcn6024sdm845qcc710_firmwareqca6426wcn6740_firmwarewcn3610sm7325-ae_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qca6574au_firmwarewcn785x-5qam8295psm8150_firmwarewcd9341qca6574auwcd9390snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarecsra6640wcn3660b_firmwaresd730qcs5430sm8150-acsm6375_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm7150-acqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresm8350qcm6125_firmwareqcc710sm6375sm7250-aa_firmware315_5g_iot_modem_firmwaresda845sm8450_firmwarevideo_collaboration_vc1_platformqfw7114wcd9385_firmwareqca6421315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemqca6310sa8155_firmwaresm7150-abqcs603_firmwareqca6335qcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155pqca6421_firmwareqcm6125sm7150-ac_firmwarewsa8810video_collaboration_vc5_platform_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7325_firmwaresm7315_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840qcs8550_firmwaresd835qfw7124_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwareqcs4490_firmwaresnapdragon_8_gen_2_mobile_platformwcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm8250-ac_firmwareqca6420wcn3910wcd9370_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3660bqca6574asm7325-aeqca6174asa8195pwcd9340qcs8250_firmwareqcm2290sm6150-acsm6225snapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sm8150-ac_firmwaresm8550p_firmwarewcn3998_firmwareqcm8550wcn3988qcn9024qca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemqca6430_firmwareqcs605qcn9024_firmwarewsa8845hwcd9326sa6150psm7250-aaqcs410qcm2290_firmwarewcn685x-1_firmwaresa8155p_firmwaresa8155pwsa8830snapdragon_675_mobile_platformsm8550psa6145pwcn785x-1_firmwarear8035sa6155qcm4325qcn6224sm8475_firmwareqca6698aqqm215_firmwarewcn3950_firmwaresm6250sm7250-acwcn685x-1sm7325p_firmwaresa8145p_firmwarewcn3680bsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformvideo_collaboration_vc3_platform_firmwarewcn3990qcs6490qcs8250wsa8830_firmwaresm7150-aaqcn6224_firmwareqca6431wsa8845_firmwaresd660_firmwarewsa8832qcs603sxr2130_firmwaresnapdragon_675_mobile_platform_firmwarear8035_firmwaresm8475snapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320sm8250-ab_firmwaresd888_firmwareqcs6125_firmwaresm6225_firmwaresm7325-af_firmwarewsa8815_firmwaresm8250-absa8195p_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290sm7325sm6125_firmwareqca9377_firmwareqcm6490_firmwaresm8350-ac_firmwaresm7250p_firmwareqcm4490_firmwarewcn785x-5_firmwarewcn3950snapdragon_xr2_5g_platformqcs6125sda845_firmwareapq5053-aa_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresm4350_firmwaresm7350-ab_firmwarewcn3991sa8295p_firmwareapq5053-aasm7250psm6250_firmwaresa8155sm7150-aa_firmwareqca6584ausd888qca6320_firmwareqcn6274_firmwaresnapdragon_4_gen_2_mobile_platformsw5100_firmwarewcn685x-5wcn6740qca6310_firmwaresm6225-ad_firmwareqfw7114_firmwareqcs605_firmwareqca6595_firmwaresm8250-acsm8250_firmwarewcd9380sa6145p_firmwaresa6155_firmwaresnapdragon_xr2_5g_platform_firmwaresa8150psm7350-absm8350_firmwaresm6225-adsm4350-acsdm660_firmwaresw5100video_collaboration_vc3_platformaqt1000sm8150wcn3991_firmwareqam8295p_firmwaresd855sdm660qca6431_firmwarewcn3990_firmwaresm7315sm6125qca6698aq_firmwareqcs2290wcd93858998_firmwareqcs2290_firmwarewcn3615wcn3610_firmwareqcs4290wcd9390_firmwarewcn6750qca6430wcn6750_firmwaresdx55_firmwarewcn3615_firmwaresm7250-ab_firmwaresxr2130qcm44908098_firmwaresm7150-ab_firmwarecsra6640_firmwaresm4350snapdragon_xr2\+_gen_1_platformqca6174a_firmwaresm7325pwcn3998video_collaboration_vc5_platformqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresm8450sm6150-ac_firmwaresnapdragon_x65_5g_modem-rf_systemsd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436qca6584au_firmwareqcn6274wsa8835wsa8840_firmwareqca6391_firmwareqfw7124qca6595au_firmwaresw5100p_firmwaresm8250qca6696_firmwareqcs4290_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660wsa8815sm4375sg4150pqca9377sm4375_firmwareqcm4325_firmwareqca6574a_firmwaresdx55qcm4290_firmwaresdm845_firmwarewcd9375_firmwareqca6391wcn785x-1qcs5430_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarecsra6620_firmwaresa8295p8098snapdragon_x50_5g_modem-rf_system_firmwareqcs8550qm215sd865_5g_firmwarewcd9375wcn685x-5_firmwarewcn3988_firmwaresa8145psm4350-ac_firmwaresnapdragon_wear_4100\+_platformwsa8835_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980sm7250-ac_firmwarewcn3680b_firmwareqcs610Snapdragon
CWE ID-CWE-287
Improper Authentication
CVE-2017-12195
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.40% / 69.14%
||
7 Day CHG+0.01%
Published-27 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformOpenShift
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-21881
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 34.76%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 01:08
Updated-20 Jan, 2026 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kanboard is Vulnerable to Reverse Proxy Authentication Bypass

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.

Action-Not Available
Vendor-kanboardkanboard
Product-kanboardkanboard
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found