Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-39257

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-28 Sep, 2022 | 20:55
Updated At-23 Apr, 2025 | 16:54
Rejected At-
Credits

Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:28 Sep, 2022 | 20:55
Updated At:23 Apr, 2025 | 16:54
Rejected At:
▼CVE Numbering Authority (CNA)
Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Affected Products
Vendor
The Matrix.org Foundationmatrix-org
Product
matrix-ios-sdk
Versions
Affected
  • < 0.23.19
Problem Types
TypeCWE IDDescription
CWECWE-322CWE-322: Key Exchange without Entity Authentication
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-322
Description: CWE-322: Key Exchange without Entity Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
x_refsource_MISC
https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
x_refsource_MISC
https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
x_refsource_MISC
https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4
x_refsource_CONFIRM
Hyperlink: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
Resource:
x_refsource_MISC
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
Resource:
x_refsource_MISC
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
Resource:
x_refsource_MISC
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
x_refsource_MISC
x_transferred
https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
x_refsource_MISC
x_transferred
https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
x_refsource_MISC
x_transferred
https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4
x_refsource_CONFIRM
x_transferred
Hyperlink: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:28 Sep, 2022 | 21:15
Updated At:30 Sep, 2022 | 16:10

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches

The Matrix.org Foundation
matrix
>>software_development_kit>>Versions before 0.23.19(exclusive)
cpe:2.3:a:matrix:software_development_kit:*:*:*:*:*:iphone_os:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE-287Secondarysecurity-advisories@github.com
CWE-322Secondarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-287
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-322
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262csecurity-advisories@github.com
Patch
Third Party Advisory
https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19security-advisories@github.com
Release Notes
Third Party Advisory
https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4security-advisories@github.com
Third Party Advisory
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clientssecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
Source: security-advisories@github.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4
Source: security-advisories@github.com
Resource:
Third Party Advisory
Hyperlink: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

111Records found

CVE-2022-39251
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.87% / 54.48%
||
7 Day CHG+0.01%
Published-28 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39255
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:35
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verifications methods until patched.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-ios-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39248
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:05
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-android-sdk2
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39246
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.65%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:00
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-software_development_kitmatrix-android-sdk2
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39249
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.78%
||
7 Day CHG+0.01%
Published-28 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39252
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 38.28%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 14:15
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-matrix-rust-sdkmatrix-rust-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2022-39250
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.48%
||
7 Day CHG+0.01%
Published-29 Sep, 2022 | 00:00
Updated-23 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-javascript_sdkmatrix-js-sdk
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-322
Key Exchange without Entity Authentication
CVE-2021-41281
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.43%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:15
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, may block the certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config.

Action-Not Available
Vendor-The Matrix.org FoundationFedora Project
Product-fedorasynapsesynapse
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-40648
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.78%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 16:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the `matrix-sdk-crypto` crate. The 0.7.2 release of the `matrix-sdk-crypto` crate includes a fix. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-matrix-rust-sdk
CWE ID-CWE-287
Improper Authentication
CVE-2024-47080
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.68% / 47.97%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 14:53
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-matrix-js-sdk
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2023-32682
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.75% / 50.54%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 18:20
Updated-13 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper checks for deactivated users during login in synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-synapsesynapse
CWE ID-CWE-287
Improper Authentication
CVE-2023-38691
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.39% / 30.58%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 16:34
Updated-07 Oct, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs

matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-matrix-appservice-bridgematrix-appservice-bridge
CWE ID-CWE-287
Improper Authentication
CVE-2014-2904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.68%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 22:08
Updated-06 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-0905
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-3.19% / 86.54%
||
7 Day CHG~0.00%
Published-18 Feb, 2023 | 07:39
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_task_management_systemEmployee Task Management System
CWE ID-CWE-287
Improper Authentication
CVE-2022-48494
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2022-48496
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2024-37313
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.40% / 32.15%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 14:50
Updated-26 Sep, 2025 | 23:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisoriesserver
CWE ID-CWE-287
Improper Authentication
CVE-2020-28874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.36% / 81.74%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 15:01
Updated-05 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-44574
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-64.82% / 99.15%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 00:00
Updated-28 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

Action-Not Available
Vendor-n/aIvanti Software
Product-avalancheIvanti Avalanche
CWE ID-CWE-287
Improper Authentication
CVE-2022-41738
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.52%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 16:17
Updated-31 Dec, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale security bypass

IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scale_container_native_storage_accesslinux_kernelStorage Scale Container Native Storage Accessspectrum_scale
CWE ID-CWE-287
Improper Authentication
CVE-2015-6926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.75%
||
7 Day CHG-0.01%
Published-19 Jan, 2018 | 15:00
Updated-06 Aug, 2024 | 07:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

Action-Not Available
Vendor-oxid-esalesn/a
Product-eshopn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-39289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.75% / 50.58%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2022-39019
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 28.87%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 20:09
Updated-02 May, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.

Action-Not Available
Vendor-M-Files Oy
Product-hubshareHubshare
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-21635
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.67%
||
7 Day CHG+0.01%
Published-14 Nov, 2025 | 14:11
Updated-26 Nov, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memos Access Tokens Stay Valid after User Password Change

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. In versions up to and including 0.18.1, though, the bad actor will still have access to their account because the bad actor's Access Token stays on the list as a valid token. The user will have to manually delete the bad actor's Access Token to secure their account. The list of Access Tokens has a generic Description which makes it hard to pinpoint a bad actor in a list of Access Tokens. A known patched version of Memos isn't available. To improve Memos security, all Access Tokens will need to be revoked when a user changes their password. This removes the session for all the user's devices and prompts the user to log in again. One can treat the old Access Tokens as "invalid" because those Access Tokens were created with the older password.

Action-Not Available
Vendor-Usememos
Product-memosmemos
CWE ID-CWE-287
Improper Authentication
CVE-2026-48897
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-8.2||HIGH
EPSS-0.21% / 11.42%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:44
Updated-28 May, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla! Core - [20260512] - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-287
Improper Authentication
CVE-2020-15949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.27%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.

Action-Not Available
Vendor-immutan/a
Product-immutan/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-46579
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.23% / 13.79%
||
7 Day CHG+0.01%
Published-29 May, 2026 | 09:50
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift_routerRed Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22
CWE ID-CWE-287
Improper Authentication
CVE-2020-16839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 63.80%
||
7 Day CHG~0.00%
Published-27 Jul, 2021 | 14:20
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

Action-Not Available
Vendor-n/aCrestron Electronics, Inc.
Product-dm-nvx-dir-160_firmwaredm-nvx-dir-entdm-nvx-dir-ent_firmwaredm-nvx-dir-80_firmwaredm-nvx-dir-160dm-nvx-dir-80n/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-44847
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.73%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 20:16
Updated-01 Jun, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxKB: Webhook Trigger Authentication Bypass

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Django REST Framework interprets as successful authentication. Combined with optional per-trigger token verification and no backend enforcement of token requirements, any unauthenticated attacker who knows a valid trigger ID can invoke webhook triggers to execute their bound tasks. This vulnerability is fixed in 2.9.0.

Action-Not Available
Vendor-1Panel (FIT2CLOUD Inc.)
Product-MaxKB
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 80.75%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 12:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Action-Not Available
Vendor-evenrouten/a
Product-iqrouter_firmwareiqroutern/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-10816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.85% / 90.95%
||
7 Day CHG+0.06%
Published-08 Oct, 2020 | 16:50
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-0822
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 15:18
Updated-20 Nov, 2025 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ovirt: authentication bypass

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Action-Not Available
Vendor-ovirtRed Hat, Inc.
Product-ovirt-engineRed Hat Virtualization Engine 4.4
CWE ID-CWE-1390
Weak Authentication
CWE ID-CWE-287
Improper Authentication
CVE-2026-40177
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.33% / 24.84%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 19:29
Updated-21 Apr, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Password bypass when 2FA is activated

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

Action-Not Available
Vendor-ajentiajenti
Product-ajenti_plugin_coreajenti
CWE ID-CWE-287
Improper Authentication
CVE-2026-34834
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.25% / 16.43%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 19:11
Updated-09 Apr, 2026 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.

Action-Not Available
Vendor-bulwarkmailbulwarkmail
Product-webmailwebmail
CWE ID-CWE-287
Improper Authentication
CVE-2023-6847
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.61%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:46
Updated-02 Aug, 2024 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-287
Improper Authentication
CVE-2023-6584
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.55% / 41.94%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 08:30
Updated-01 May, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JobSearch WP Job Board < 2.3.4 - Authentication Bypass

The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging-in as any users with the only knowledge of that user's email address.

Action-Not Available
Vendor-eyecixUnknownwpjobsearch
Product-jobsearch_wp_job_boardWP JobSearchwpjobsearch_wordpress
CWE ID-CWE-287
Improper Authentication
CVE-2023-6042
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.72%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 19:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Any unauthenticated user may send e-mail from the site with any title or content to the admin

Action-Not Available
Vendor-motopressUnknown
Product-getwidGetwid
CWE ID-CWE-287
Improper Authentication
CVE-2009-0130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 65.02%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.

Action-Not Available
Vendor-erlangn/a
Product-erlangn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-52111
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.53%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 07:55
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-48703
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.48%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 19:18
Updated-04 Dec, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML authentication bypass vulnerability in RobotsAndPencils/go-saml

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used.

Action-Not Available
Vendor-robotsandpencilsRobotsAndPencilsrobotsandpencils
Product-go-samlgo-samlgo-saml
CWE ID-CWE-287
Improper Authentication
CVE-2024-7401
Matching Score-4
Assigner-Netskope
ShareView Details
Matching Score-4
Assigner-Netskope
CVSS Score-8.5||HIGH
EPSS-0.77% / 50.97%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 16:36
Updated-23 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client Enrollment Process Bypass

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.

Action-Not Available
Vendor-netskopeNetskope
Product-netskopeNetskope Client
CWE ID-CWE-287
Improper Authentication
CVE-2023-48228
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.24% / 65.46%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 20:48
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth2: PKCE can be fully circumvented

authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request with out it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue.

Action-Not Available
Vendor-goauthentikgoauthentik
Product-authentikauthentik
CWE ID-CWE-287
Improper Authentication
CVE-2025-25227
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.77%
||
7 Day CHG+0.04%
Published-08 Apr, 2025 | 16:24
Updated-04 Jun, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[20250402] - Joomla Core - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-287
Improper Authentication
CVE-2023-44397
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.13%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 22:28
Updated-05 Sep, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CloudExplorer Lite permission bypass vulnerability

CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue.

Action-Not Available
Vendor-FIT2CLOUD Inc.CloudExplorer Lite (FIT2CLOUD Inc.)
Product-cloudexplorer_liteCloudExplorer-Lite
CWE ID-CWE-287
Improper Authentication
CVE-2023-43551
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 16.97%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Multi-Mode Call Processor

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_3100_firmwaresdm429w_firmwareqcm8550_firmwareapq8017sd865_5gqcs410_firmwarerobotics_rb3sw5100psxr1120qcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_7c_gen_2_compute_firmwaresnapdragon_670_mobileqca4004qca6696snapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_208_firmwaresnapdragon_750g_5g_mobilesnapdragon_780g_5g_mobilesnapdragon_685_4g_mobilevision_intelligence_200_firmwaresnapdragon_x50_5g_modem-rf_firmwaresnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_auto_4g_modemsnapdragon_665_mobile_firmwaresc8180xp-aaab9205_lte_modemqca6574au_firmwaresnapdragon_690_5g_mobile_firmware9207_lte_modem_firmwarewcd9341sd626_firmwaresnapdragon_wear_1300qca6574ausnapdragon_820_automotive205_mobilesnapdragon_888\+_5g_mobile_firmwaresnapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarewcd9390csra6640snapdragon_212_mobilemsm8209_firmwaresnapdragon_778g_5g_mobile_firmwaresc8180xp-acafsnapdragon_850_mobile_computewcn3660b_firmwaresd730snapdragon_820_automotive_firmwarefastconnect_6800_firmwareqcs5430snapdragon_690_5g_mobile9207_lte_modemsd835_firmwareqcn6024_firmwaresnapdragon_636_mobile_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_712_mobile_firmwareqcm6125_firmwarec-v2x_9150snapdragon_678_mobile_firmwaresnapdragon_425_mobileqcc710snapdragon_1100_wearable_firmwaresnapdragon_xr2_5g_firmwaremdm9615msm8108snapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwaresnapdragon_wear_4100\+315_5g_iot_modem_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqfw7114snapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200315_5g_iot_modemqca6310wcd9360qca6335snapdragon_x65_5g_modem-rfqcs4490snapdragon_730_mobilesnapdragon_wear_3100mdm9250snapdragon_680_4g_mobilewsa8845qca6421_firmwareqcm6125snapdragon_212_mobile_firmwaremdm9230sc8180x-adqca6564au_firmwaresd820snapdragon_429_mobile_firmwarewsa8810mdm8207snapdragon_835_mobilesnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_wear_2500snapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwarewcd9326_firmwaresnapdragon_845_mobile_firmwaremdm9640_firmwarewsa8840mdm9230_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwarewcd9371_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqts110wcn3910_firmwaresnapdragon_460_mobilesnapdragon_8_gen_2_mobileqca6420qca6174_firmwarewcn3910mdm9205s_firmwarewcd9370_firmwarecsrb31024qca9367mdm9250_firmwaresnapdragon_712_mobilesnapdragon_835_mobile_firmwarewcn3660bqca6574asnapdragon_8\+_gen_2_mobilewcn3620_firmwareqca6174aqca6584_firmwarewcd9340qcm2290snapdragon_1200_wearable_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobileqcn9024vision_intelligence_300_firmwareqca6574215_mobilesd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresdx57msmart_audio_400qcn9024_firmwarewsa8845hwcd9326qcs410qcm2290_firmwarevision_intelligence_100snapdragon_630_mobileqca6564asnapdragon_765g_5g_mobile_firmwaresnapdragon_wear_2100_firmwarewsa8830smart_display_200_firmwaresm8550psnapdragon_wear_2100snapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computesc8180x\+sdx55_firmwarear8035msm8996ausnapdragon_208snapdragon_7c_compute_firmwarewcn3620qcm4325qcn6224snapdragon_865\+_5g_mobile_firmwaresnapdragon_x5_lte_modemsnapdragon_429_mobilesc8180x\+sdx55qca6698aqwcn3950_firmwaresm6250mdm9205ssnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsm7325p_firmwarewcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_210_firmwaresnapdragon_660_mobile_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_855_mobileqcs6490snapdragon_210snapdragon_695_5g_mobilesc8180xp-acaf_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqcn6224_firmwarevision_intelligence_100_firmwareqca6431wsa8845_firmwaresd660_firmwarewsa8832mdm9330_firmwaresnapdragon_auto_4g_modem_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresc8180xp-aaab_firmwaremdm9630snapdragon_778g\+_5g_mobile205_mobile_firmwareqca6320msm8608_firmwaresd888_firmwaremsm8209wcd9306qca6564auqcs6125_firmwaresnapdragon_1100_wearablesnapdragon_425_mobile_firmwaresnapdragon_wear_1300_firmwaresm6250p_firmwaresc8180xp-adar6003wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290sd_455_firmwaremsm8608sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwarewcn3680_firmwareqcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobileqca4004_firmwaresnapdragon_778g\+_5g_mobile_firmwareapq8037smart_audio_400_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresmart_audio_200_firmwaresnapdragon_678_mobilesnapdragon_720g_mobilesd_455sm7250pcsrb31024_firmwaresc8180x-acafsm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqca6584ausd888qca6320_firmwareqcn6274_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_wear_2500_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilesd626fastconnect_6800qfw7114_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarewcd9371mdm9630_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380smart_audio_200snapdragon_xr2_5gsnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_1200_wearablesnapdragon_auto_5g_modem-rf_firmwaresc8180x-aaabsc8180x-aaab_firmwaresw5100video_collaboration_vc3_platformaqt1000wcd9306_firmwaresnapdragon_4_gen_1_mobile_firmware215_mobile_firmwarec-v2x_9150_firmwaresd855qca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmware9205_lte_modem_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqcs2290_firmwaremsm8909w_firmwaresnapdragon_8_gen_1_mobilewcn3615qca9367_firmwaresnapdragon_630_mobile_firmwarewcd9330mdm8207_firmwaresnapdragon_680_4g_mobile_firmwarewcn3680wcn3610_firmwareqcs4290wcd9390_firmwaresnapdragon_865\+_5g_mobilesd820_firmwareqca6430snapdragon_855\+_mobilesg8275psm6250psnapdragon_765_5g_mobilesnapdragon_860_mobilesdx55_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfwcn3615_firmwaresxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcm4490csra6640_firmwaresnapdragon_480\+_5g_mobile_firmwareqca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_x50_5g_modem-rfapq8037_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436snapdragon_x70_modem-rfwcn3980_firmwaresnapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqcn6274qfw7124qca6595au_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwaresnapdragon_430_mobile_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqca9377mdm9628_firmwaresnapdragon_x75_5g_modem-rfqcm4325_firmwaresnapdragon_439_mobile_firmware9206_lte_modemqca6574a_firmwaresdx55snapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675wcd9375_firmwareqca6391snapdragon_710_mobileqts110_firmwaremdm9615_firmwareqcs5430_firmwaresnapdragon_439_mobilesg4150p_firmwareqca6584csra6620_firmwareqcs8550fastconnect_7800sd865_5g_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_xr1wcd9375vision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwaresnapdragon_430_mobilesnapdragon_636_mobilesd_675snapdragon_8\+_gen_1_mobile_firmwarevision_intelligence_400wsa8835_firmwaresmart_display_200ar6003_firmwarewcn3980qca6584au_firmwaremdm9330msm8909wwcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm2290_firmwareqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwaremdm9640_firmwaremsm8996au_firmware315_5g_iot_modem_firmwareqcs2290_firmwareqca6431_firmwaremdm9628_firmwareqcn6224_firmwaremsm8909w_firmwaresd670_firmwaremdm9205s_firmwareqca6420_firmwareqca6595au_firmwareqca6174_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwareqca6584au_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwaremsm8108_firmwareqca6335_firmwareqcn6024_firmwareqcm4325_firmwareqca6574_firmwareqca6584_firmwareqca6426_firmwaremdm9230_firmwareqca6320_firmwareqca6574a_firmwareqca6574au_firmwarefastconnect_6200_firmwareqca8081_firmwareqca6436_firmwareqca6421_firmware9205_lte_modem_firmwareaqt1000_firmwareqca6564au_firmwarear6003_firmwareqca9367_firmwareqcm8550_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwarecsrb31024_firmwareqcm6490_firmwarefastconnect_6900_firmwarerobotics_rb3_platform_firmwareqca4004_firmwareqcs8550_firmware9206_lte_modem_firmwarefastconnect_6700_firmwareqca6564a_firmwareapq8017_firmwaresd626_firmwareqcn9024_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcs610_firmwareqca6698aq_firmwaremsm8209_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarequalcomm_205_mobile_platform_firmware9207_lte_modem_firmwareqca6696_firmwareqcs6490_firmwaremdm8207_firmwareqcs5430_firmwaresd820_firmwareqca6391_firmwaremsm8608_firmwaresd888_firmwareqcc710_firmwaremdm9330_firmwaresd855_firmwaresd865_5g_firmwaremdm9615_firmwareapq8037_firmwaresd660_firmwarefastconnect_6800_firmwareqcs410_firmwareqfw7124_firmwaremdm9630_firmwarear8035_firmwareqcm6125_firmwareqts110_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2026-11703
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.28%
||
7 Day CHG-0.06%
Published-25 Jun, 2026 | 21:15
Updated-27 Jun, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual hosts, carry the cached peer-authentication state into a context it was not established for. Resumption now verifies the SNI/ALPN binding for all paths and declines (falling back to a full handshake) on mismatch.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-287
Improper Authentication
CVE-2025-21618
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.76%
||
7 Day CHG~0.00%
Published-06 Jan, 2025 | 16:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NiceGUI On Air authentication issue

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.

Action-Not Available
Vendor-zauberzeug
Product-nicegui
CWE ID-CWE-287
Improper Authentication
CVE-2023-39345
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-0.50% / 38.95%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 18:26
Updated-04 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized Access to Private Fields in User Registration API in strapi

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Strapi, Inc.
Product-strapistrapistrapi
CWE ID-CWE-287
Improper Authentication
CVE-2019-20620
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 25.29%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:36
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-20565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.06%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:32
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found