Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-15097

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-26 Dec, 2025 | 02:32
Updated At-26 Dec, 2025 | 19:30
Rejected At-
Credits

Alteryx Server status improper authentication

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:26 Dec, 2025 | 02:32
Updated At:26 Dec, 2025 | 19:30
Rejected At:
â–¼CVE Numbering Authority (CNA)
Alteryx Server status improper authentication

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.

Affected Products
Vendor
Alteryx
Product
Server
Versions
Affected
  • 2020.2.3.27789
  • 2021.4.2.47895
  • 2022.1.1.30961
  • 2022.1.1.42707
  • 2023.1.1.123
  • 2023.1.1.306
  • 2023.2.1.51
  • 2024.1.1.49
  • 2024.1.1.136
  • 2024.1.1.209
  • 2024.2.1.14
  • 2024.2.1.41
  • 2024.2.1.73
  • 2024.2.1.94
Unaffected
  • 2023.1.1.13.486
  • 2023.2.1.10.293
  • 2024.1.1.9.236
  • 2024.2.1.6.125
  • 2025.1.1.1.31
Problem Types
TypeCWE IDDescription
CWECWE-287Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.07.5N/A
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 7.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Diyan Apostolov (ICT Strypes)
reporter
fosi (VulDB User)
Timeline
EventDate
Advisory disclosed2025-12-25 00:00:00
VulDB entry created2025-12-25 01:00:00
VulDB entry last update2025-12-25 16:23:29
Event: Advisory disclosed
Date: 2025-12-25 00:00:00
Event: VulDB entry created
Date: 2025-12-25 01:00:00
Event: VulDB entry last update
Date: 2025-12-25 16:23:29
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.338428
vdb-entry
https://vuldb.com/?ctiid.338428
signature
permissions-required
https://vuldb.com/?submit.710169
third-party-advisory
https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf
related
https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c
exploit
https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html
patch
Hyperlink: https://vuldb.com/?id.338428
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.338428
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.710169
Resource:
third-party-advisory
Hyperlink: https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf
Resource:
related
Hyperlink: https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c
Resource:
exploit
Hyperlink: https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html
Resource:
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:26 Dec, 2025 | 03:15
Updated At:29 Dec, 2025 | 15:57

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-287Primarycna@vuldb.com
CWE ID: CWE-287
Type: Primary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08ccna@vuldb.com
N/A
https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.htmlcna@vuldb.com
N/A
https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdfcna@vuldb.com
N/A
https://vuldb.com/?ctiid.338428cna@vuldb.com
N/A
https://vuldb.com/?id.338428cna@vuldb.com
N/A
https://vuldb.com/?submit.710169cna@vuldb.com
N/A
Hyperlink: https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.338428
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.338428
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.710169
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

761Records found

CVE-2020-16088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 82.15%
||
7 Day CHG+0.02%
Published-28 Jul, 2020 | 11:46
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-6451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.61% / 83.52%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 14:31
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability

Action-Not Available
Vendor-lorextechnologyn/a
Product-lnc104lnc116lnc116_firmwarelnc104_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-16327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.80% / 75.90%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 17:28
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-601_firmwaredir-601n/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-5570
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 44.29%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 13:30
Updated-30 Apr, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-technostrobeTechnostrobe
Product-hi-led-wr120-g2hi-led-wr120-g2_firmwareHI-LED-WR120-G2
CWE ID-CWE-287
Improper Authentication
CVE-2012-4456
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.96% / 89.19%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

Action-Not Available
Vendor-n/aOpenStack
Product-keystonen/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-4595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.53% / 82.95%
||
7 Day CHG~0.00%
Published-22 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-email_gatewayemail_and_web_securityn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-16190
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.66% / 83.85%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 19:54
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-885ldir-868l_firmwaredir-885l_firmwaredir-895l_firmwaredir-895ldir-868ln/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-4688
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.65% / 73.58%
||
7 Day CHG~0.00%
Published-31 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
I-GEN opLYNX Central Authentication Bypass

The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.

Action-Not Available
Vendor-i-geni-GEN Solutions Corporation
Product-oplynxopLYNX
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CVE-2022-4001
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.34% / 26.23%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability could allow an attacker to access API functions without authentication.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-Q14 Mesh Router Firmwareq14_mesh_router_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2020-12874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 55.38%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 19:07
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-aptaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-4392
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.73%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloud_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-11661
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.56% / 42.59%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 04:32
Updated-17 Oct, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProjectsAndPrograms School Management System missing authentication

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery

Action-Not Available
Vendor-oranbyteProjectsAndPrograms
Product-school_management_systemSchool Management System
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-11942
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.12% / 62.28%
||
7 Day CHG~0.00%
Published-19 Oct, 2025 | 16:02
Updated-17 Nov, 2025 | 12:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
70mai X200 Pairing missing authentication

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-70mai70mai
Product-x200_firmwarex200X200
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2012-2714
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.29% / 87.00%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 19:56
Updated-06 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.

Action-Not Available
Vendor-browserid_projectBrowserID
Product-browseridBrowserID
CWE ID-CWE-287
Improper Authentication
CVE-2025-1104
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-2.68% / 83.99%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 16:31
Updated-21 May, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DHP-W310AV authentication spoofing

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dhp-w310av_firmwaredhp-w310avDHP-W310AV
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-11287
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.58% / 43.32%
||
7 Day CHG-0.01%
Published-05 Oct, 2025 | 07:02
Updated-09 Oct, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication

A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-mcphubxsamanhappy
Product-mcphubMCPHub
CWE ID-CWE-287
Improper Authentication
CVE-2025-10463
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.3||HIGH
EPSS-0.29% / 21.01%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 12:07
Updated-05 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Birtech Information Technologies' Sensaway

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026.  NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.

Action-Not Available
Vendor-Birtech Information Technologies Industry and Trade Ltd. Co.
Product-Senseway
CWE ID-CWE-287
Improper Authentication
CVE-2020-11796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.23%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-2388
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.32% / 87.12%
||
7 Day CHG+0.04%
Published-27 Jun, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."

Action-Not Available
Vendor-strongswann/a
Product-strongswann/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-4671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 80.92%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.

Action-Not Available
Vendor-beaussiern/a
Product-roomphplanningn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-10888
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.9||MEDIUM
EPSS-2.46% / 82.46%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-287
Improper Authentication
CVE-2012-1123
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.73% / 88.48%
||
7 Day CHG~0.00%
Published-29 Jun, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-11020
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-1.53% / 71.76%
||
7 Day CHG+0.03%
Published-29 Apr, 2020 | 17:35
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication and extension bypass in Faye

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.

Action-Not Available
Vendor-faye_projectfaye
Product-fayeFaye
CWE ID-CWE-287
Improper Authentication
CVE-2012-0803
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.54% / 87.87%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cxfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-3997
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.37% / 68.51%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.

Action-Not Available
Vendor-opengearn/a
Product-opengear_console_server_firmwarecm4000_console_serverim4004-5_console_serveracm5000_console_serverim4200_console_serverkcs6000_rackside_console_serverimg4000_console_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-3674
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.51% / 39.82%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-14 Apr, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Sanitization Management System missing authentication

A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-sanitization_management_systemSanitization Management System
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2011-4628
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 73.58%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 16:22
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.

Action-Not Available
Vendor-TYPO3 Association
Product-typo3TYPO3
CWE ID-CWE-287
Improper Authentication
CVE-2011-4068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 71.94%
||
7 Day CHG~0.00%
Published-01 Feb, 2018 | 17:00
Updated-06 Aug, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.

Action-Not Available
Vendor-packetfencen/a
Product-packetfencen/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-3372
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.36% / 87.26%
||
7 Day CHG~0.00%
Published-24 Dec, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Action-Not Available
Vendor-cyrusn/a
Product-imapdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-3620
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.31% / 91.60%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-qpidn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1535
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-98.11% / 99.91%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpinternet_information_serviceswindows_server_2003n/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-2907
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.88% / 85.14%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program.

Action-Not Available
Vendor-clusterresourcesn/a
Product-torque_resource_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-33750
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 72.94%
||
7 Day CHG+0.04%
Published-16 Jun, 2022 | 21:20
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_automic_automationCA Automic Automation
CWE ID-CWE-287
Improper Authentication
CVE-2011-2766
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.24% / 93.57%
||
7 Day CHG~0.00%
Published-23 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

Action-Not Available
Vendor-fast_cgi_projectn/aDebian GNU/Linux
Product-debian_linuxfast_cgin/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-3465
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.77% / 51.05%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 00:00
Updated-14 Apr, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mediabridge Medialink index.asp improper authentication

A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.

Action-Not Available
Vendor-mediabridgeproductsMediabridge
Product-mlwr-ac1200r_firmwaremlwr-ac1200rMedialink
CWE ID-CWE-287
Improper Authentication
CVE-2024-5732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.89% / 54.99%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 10:00
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clash Proxy Port improper authentication

A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-267406 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-clashforwindowsn/a
Product-clashClash
CWE ID-CWE-287
Improper Authentication
CVE-2022-31013
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.37% / 68.63%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 22:35
Updated-23 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.

Action-Not Available
Vendor-chat_server_projectramank775
Product-chat_serverchat-server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31125
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-19.73% / 97.08%
||
7 Day CHG+3.80%
Published-06 Jul, 2022 | 00:00
Updated-23 Apr, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in Roxy-wi

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-roxy-wihap-wi
Product-roxy-wiroxy-wi
CWE ID-CWE-287
Improper Authentication
CVE-2022-29775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-59.92% / 99.02%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 13:59
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.

Action-Not Available
Vendor-ispyconnectn/a
Product-ispyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-30238
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.3||HIGH
EPSS-0.92% / 55.82%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 22:45
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Action-Not Available
Vendor-
Product-wiser_smart_eer21000wiser_smart_eer21001_firmwarewiser_smart_eer21000_firmwarewiser_smart_eer21001Wiser Smart
CWE ID-CWE-287
Improper Authentication
CVE-2019-6521
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-1.93% / 77.51%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/scadan/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-2628
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.01% / 89.31%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.

Action-Not Available
Vendor-Red Hat, Inc.CURL
Product-curlenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servercurl
CWE ID-CWE-287
Improper Authentication
CVE-2010-4333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.12% / 93.48%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.

Action-Not Available
Vendor-pangramsoftn/a
Product-pointter_php_micro-blogging_social_networkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-4478
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.24% / 89.82%
||
7 Day CHG~0.00%
Published-06 Dec, 2010 | 22:00
Updated-28 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-4252
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.08% / 94.10%
||
7 Day CHG~0.00%
Published-06 Dec, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 64.02%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 19:16
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-51767
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.3||HIGH
EPSS-1.14% / 62.66%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 10:18
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE AutoPass License Server
CWE ID-CWE-287
Improper Authentication
CVE-2010-3905
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-2.86% / 85.06%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.

Action-Not Available
Vendor-eucalyptusn/a
Product-eucalyptusn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-3896
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.26%
||
7 Day CHG~0.00%
Published-12 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.

Action-Not Available
Vendor-n/aIBM Corporation
Product-omnifindn/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-10777
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 32.48%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 22:30
Updated-04 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ealpha072 Student-Management-System Administrative Backend config.php improper authentication

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-ealpha072
Product-Student-Management-System
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found