Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-64717

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-13 Nov, 2025 | 15:30
Updated At-13 Nov, 2025 | 17:09
Rejected At-
Credits

ZITADEL vulnerable to Account Takeover with deactivated Instance IdP

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. This vulnerability stems from the platform's failure to correctly check or enforce an organization's specific security settings during the authentication flow. An Organization Administrator can explicitly disable an IdP or disallow federation, but this setting was not being honored during the auto-linking process. This allowed an unauthenticated attacker to initiate a login using an IdP that should have been disabled for that organization. The platform would incorrectly validate the login and, based on a matching criteria, link the attacker's external identity to an existing internal user account. This may result in a full Account Takeover, bypassing the organization's mandated security controls. Note that accounts with MFA enabled can not be taken over by this attack. Also note that only IdPs create on an instance level would allow this to work. IdPs registered on another organization would always be denied in the (auto-)linking process. Versions 4.6.6, 3.4.4, and 2.71.19 resolve the issue by correctly validating the organization's login policy before auto-linking an external user. No known workarounds are available aside from upgrading.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:13 Nov, 2025 | 15:30
Updated At:13 Nov, 2025 | 17:09
Rejected At:
â–ĽCVE Numbering Authority (CNA)
ZITADEL vulnerable to Account Takeover with deactivated Instance IdP

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. This vulnerability stems from the platform's failure to correctly check or enforce an organization's specific security settings during the authentication flow. An Organization Administrator can explicitly disable an IdP or disallow federation, but this setting was not being honored during the auto-linking process. This allowed an unauthenticated attacker to initiate a login using an IdP that should have been disabled for that organization. The platform would incorrectly validate the login and, based on a matching criteria, link the attacker's external identity to an existing internal user account. This may result in a full Account Takeover, bypassing the organization's mandated security controls. Note that accounts with MFA enabled can not be taken over by this attack. Also note that only IdPs create on an instance level would allow this to work. IdPs registered on another organization would always be denied in the (auto-)linking process. Versions 4.6.6, 3.4.4, and 2.71.19 resolve the issue by correctly validating the organization's login policy before auto-linking an external user. No known workarounds are available aside from upgrading.

Affected Products
Vendor
zitadel
Product
zitadel
Versions
Affected
  • >= 4.0.0-rc.1, < 4.6.6
  • >= 3.0.0-rc.1, < 3.4.4
  • >= 2.50.0, < 2.71.19
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
4.07.4HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/zitadel/zitadel/security/advisories/GHSA-j4g7-v4m4-77px
x_refsource_CONFIRM
https://github.com/zitadel/zitadel/releases/tag/v2.71.19
x_refsource_MISC
https://github.com/zitadel/zitadel/releases/tag/v3.4.4
x_refsource_MISC
https://github.com/zitadel/zitadel/releases/tag/v4.6.6
x_refsource_MISC
Hyperlink: https://github.com/zitadel/zitadel/security/advisories/GHSA-j4g7-v4m4-77px
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v2.71.19
Resource:
x_refsource_MISC
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v3.4.4
Resource:
x_refsource_MISC
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v4.6.6
Resource:
x_refsource_MISC
â–ĽAuthorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:13 Nov, 2025 | 16:15
Updated At:04 Dec, 2025 | 14:39

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. This vulnerability stems from the platform's failure to correctly check or enforce an organization's specific security settings during the authentication flow. An Organization Administrator can explicitly disable an IdP or disallow federation, but this setting was not being honored during the auto-linking process. This allowed an unauthenticated attacker to initiate a login using an IdP that should have been disabled for that organization. The platform would incorrectly validate the login and, based on a matching criteria, link the attacker's external identity to an existing internal user account. This may result in a full Account Takeover, bypassing the organization's mandated security controls. Note that accounts with MFA enabled can not be taken over by this attack. Also note that only IdPs create on an instance level would allow this to work. IdPs registered on another organization would always be denied in the (auto-)linking process. Versions 4.6.6, 3.4.4, and 2.71.19 resolve the issue by correctly validating the organization's login policy before auto-linking an external user. No known workarounds are available aside from upgrading.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.4HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

zitadel
zitadel
>>zitadel>>Versions from 2.50.0(inclusive) to 2.71.19(exclusive)
cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*
zitadel
zitadel
>>zitadel>>Versions from 3.0.0(inclusive) to 3.4.4(exclusive)
cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*
zitadel
zitadel
>>zitadel>>Versions from 4.0.0(inclusive) to 4.6.6(exclusive)
cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/zitadel/zitadel/releases/tag/v2.71.19security-advisories@github.com
Release Notes
https://github.com/zitadel/zitadel/releases/tag/v3.4.4security-advisories@github.com
Release Notes
https://github.com/zitadel/zitadel/releases/tag/v4.6.6security-advisories@github.com
Release Notes
https://github.com/zitadel/zitadel/security/advisories/GHSA-j4g7-v4m4-77pxsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v2.71.19
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v3.4.4
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/zitadel/zitadel/releases/tag/v4.6.6
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/zitadel/zitadel/security/advisories/GHSA-j4g7-v4m4-77px
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

784Records found

CVE-2025-64103
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.34% / 25.75%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 18:43
Updated-04 Nov, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zitadel Bypass Second Authentication Factor

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.

Action-Not Available
Vendor-zitadelzitadel
Product-zitadelzitadel
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-308
Use of Single-factor Authentication
CVE-2025-64102
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 27.60%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 18:36
Updated-04 Nov, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zitadel allows brute-forcing authentication factors

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout mechanism. The mechanism is not enabled by default and can cause a denial of service for the corresponding user if enabled. Additionally, the mitigation strategies were not fully implemented in the more recent resource-based APIs. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.

Action-Not Available
Vendor-zitadelzitadel
Product-zitadelzitadel
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-56666
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 8.74%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 17:37
Updated-13 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZITADEL: Auto-linking by email: IdP-side email verification is not checked

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive provider account with a victim email address to be linked to the victim's local account. This issue is fixed in version 4.15.3.

Action-Not Available
Vendor-zitadel
Product-zitadel
CWE ID-CWE-287
Improper Authentication
CVE-2026-55672
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.28% / 19.55%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 17:19
Updated-10 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refresh tokens to be exchanged under a different client. This issue is fixed in versions 3.4.12 and 4.15.2.

Action-Not Available
Vendor-zitadel
Product-zitadel
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-49757
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.43%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 14:22
Updated-26 Aug, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zitadel User Registration Bypass Vulnerability

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-zitadelzitadel
Product-zitadelzitadel
CWE ID-CWE-287
Improper Authentication
CVE-2026-29193
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.31% / 23.30%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 15:11
Updated-10 Mar, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their organizaton. This issue has been patched in version 4.12.1.

Action-Not Available
Vendor-zitadelzitadel
Product-zitadelzitadel
CWE ID-CWE-287
Improper Authentication
CVE-2025-56333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 34.31%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 00:00
Updated-07 Jan, 2026 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

Action-Not Available
Vendor-pangolinn/a
Product-pangolinn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-15787
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.48% / 70.97%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:11
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_united_comfort_panelssimatic_hmi_united_comfort_panels_firmwareSIMATIC HMI Unified Comfort Panels
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2020-16098
Matching Score-4
Assigner-Gallagher Group Ltd.
ShareView Details
Matching Score-4
Assigner-Gallagher Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.60%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:22
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.

Action-Not Available
Vendor-Gallagher Group Ltd.
Product-command_centreCommand Centre
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-15835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 74.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2021 | 01:42
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.

Action-Not Available
Vendor-mofinetworkn/a
Product-mofi4500-4gxelte_firmwaremofi4500-4gxelten/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-16088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 82.32%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 11:46
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-14494
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 67.38%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 14:45
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.

Action-Not Available
Vendor-openclinic_ga_projectn/a
Product-openclinic_gaOpenClinic GA
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-14485
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 83.24%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 14:45
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Action-Not Available
Vendor-openclinic_ga_projectn/a
Product-openclinic_gaOpenClinic GA
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-5806
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.1||CRITICAL
EPSS-75.81% / 99.47%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 15:04
Updated-16 Jan, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOVEit Transfer Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_transferMOVEit Transfermoveit_transfer
CWE ID-CWE-287
Improper Authentication
CVE-2025-5495
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.80% / 52.68%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 12:31
Updated-11 Aug, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNR614 URL improper authentication

A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wnr614_firmwarewnr614WNR614
CWE ID-CWE-287
Improper Authentication
CVE-2022-20798
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 69.99%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 17:55
Updated-01 Nov, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manageremail_security_applianceCisco Email Security Appliance (ESA)
CWE ID-CWE-287
Improper Authentication
CVE-2020-12812
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-49.34% / 98.76%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 22:28
Updated-24 Oct, 2025 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiosFortinet FortiOSFortiOS
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CWE ID-CWE-287
Improper Authentication
CVE-2025-5512
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.66% / 47.28%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 17:00
Updated-03 Oct, 2025 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-quequnlongquequnlong
Product-shiyi-blogshiyi-blog
CWE ID-CWE-287
Improper Authentication
CVE-2020-12874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 55.75%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 19:07
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-aptaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-55293
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.39% / 31.74%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 17:24
Updated-17 Oct, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing publicKey (and resetting the size to 0) for a known node. Then a new key bypasses 'if (info->user.public_key.size > 0) {', and this malicious key is stored in NodeDB. This vulnerability is fixed in 2.6.3.

Action-Not Available
Vendor-meshtasticmeshtastic
Product-meshtastic_firmwarefirmware
CWE ID-CWE-287
Improper Authentication
CVE-2025-55234
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-18.83% / 96.97%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Elevation of Privilege Vulnerability

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing &amp; SMB Server EPA. Adopt appropriate SMB Server hardening measures.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-287
Improper Authentication
CVE-2020-11796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.50%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-11965
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 78.74%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 12:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Action-Not Available
Vendor-evenrouten/a
Product-iqrouter_firmwareiqroutern/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-12126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 67.01%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 08:12
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn530h4wn530h4_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-55241
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-1.55% / 72.29%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 23:09
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Entra ID Elevation of Privilege Vulnerability

Azure Entra ID Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-287
Improper Authentication
CVE-2020-10288
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-9.8||CRITICAL
EPSS-1.44% / 70.16%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 22:15
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#3327: No authentication required for accesing ABB IRC5 FTP server

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.

Action-Not Available
Vendor-windriverABB
Product-robotwareirb140irc5vxworksIRB140
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2020-11101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.

Action-Not Available
Vendor-sierrawirelessn/a
Product-airlink_mobility_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-11264
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-13.19% / 95.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 11:25
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwareqca2066sd678sa6150p_firmwaresm7250sa8145p_firmwareqcs610wsa8830qca1062_firmwareqcs2290_firmwareqca8337sm7250_firmwarecsrb31024mdm9650sd_636csra6620qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwareqca2064_firmwareqca2062qca6174_firmwaresd690_5gsd730_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarewcd9370csra6640_firmwareqcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqca9377sa415mwcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950wcd9326_firmwaresd720gwcn3615_firmwarewcn3660bwcn3910_firmwareqca2065sd662sd460_firmwareqca1064sa8155qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcd9375_firmwarewcn3615wcn3998_firmwarewcn3999_firmwareqca6420qca6436_firmwareapq8053_firmwaresdx20mqca6564au_firmwareqca6584ausa6155p_firmwaresd778gwcn3999qrb5165_firmwaresdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630sa415m_firmwareqcs405qca6430sc8280xp_firmwarewcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs603_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385wcd9341qca2066_firmwareqca6696_firmwareqca2065_firmwaresd750gsd870_firmwareqca1062ar8035qca6390sd_8cxaqt1000apq8064ausa8150psd750g_firmwaresm6250_firmwaremsm8953_firmwarewcd9375wsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresdx20_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675msm8996au_firmwaresd780gsd865_5gqca6564ausdx24sdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574msm8996ausd665_firmwarewcd9380sd888_5gqcs410qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqca6174asdx24_firmwaresm7325qca6174qca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6574_firmwareqcs605wcd9340_firmwaresd855wsa8815wcn6850sd665wcn3910mdm9650_firmwareqca6175asd765qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwaresd460qca6391sd730sdx55maqt1000_firmwareqca2062_firmwarewcn6740_firmwaremsm8953sd678_firmwareapq8064au_firmwarear8031_firmwarecsrb31024_firmwareqcm4290sdx50msdx20qrb5165sd480_firmwareqcs603wcn6851_firmwareqca6164_firmwareqca6574ausa8155p_firmwaresd_636_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870sdx20m_firmwarewcn6855wsa8810qcs610_firmwarewcn6856sa6145pwcn3680bsd835_firmwaresd768gapq8096auar8031qcs405_firmwareqca1064_firmwaresa8145pqca6164qca6696sdm630_firmwareqca6391_firmwarewcn6740qca2064sd780g_firmwaresd845_firmwarewcd9370_firmwaresa6150psd888_firmwaresc8280xpapq8053apq8096au_firmwarecsra6640sa8155psd675sd845sdx55sd720g_firmwareqcs410_firmwareqca6175a_firmwarear8035_firmwareqcm2290sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-287
Improper Authentication
CVE-2026-5570
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 44.68%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 13:30
Updated-30 Apr, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-technostrobeTechnostrobe
Product-hi-led-wr120-g2hi-led-wr120-g2_firmwareHI-LED-WR120-G2
CWE ID-CWE-287
Improper Authentication
CVE-2023-33553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.33%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.

Action-Not Available
Vendor-planetn/a
Product-wdrt-1800axwdrt-1800ax_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2023-34340
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 70.07%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 07:01
Updated-09 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-accumuloApache Accumuloaccumulo
CWE ID-CWE-287
Improper Authentication
CVE-2023-3337
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.69% / 48.79%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 12:00
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.

Action-Not Available
Vendor-online_shopping_system_advanced_projectPuneethReddyHC
Product-online_shopping_system_advancedOnline Shopping System Advanced
CWE ID-CWE-287
Improper Authentication
CVE-2023-7210
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.98% / 58.39%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 09:31
Updated-14 Nov, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OneNav API improper authentication

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.

Action-Not Available
Vendor-onenavn/a
Product-onenavOneNav
CWE ID-CWE-287
Improper Authentication
CVE-2023-6768
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.4||CRITICAL
EPSS-0.98% / 58.30%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 09:49
Updated-16 Sep, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass vulnerability in Amazing Little Poll

Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter.

Action-Not Available
Vendor-mr-cornerAmazing Little poll
Product-amazing_little_pollAmazing Little poll
CWE ID-CWE-287
Improper Authentication
CVE-2023-34124
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-44.71% / 98.63%
||
7 Day CHG+3.82%
Published-13 Jul, 2023 | 00:14
Updated-08 Apr, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-global_management_systemanalyticsAnalyticsGMS
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2023-33274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 60.67%
||
7 Day CHG+0.17%
Published-12 Jul, 2023 | 00:00
Updated-07 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.

Action-Not Available
Vendor-voltronicpowern/a
Product-snmp_web_pron/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-0002
Matching Score-4
Assigner-Pure Storage, Inc.
ShareView Details
Matching Score-4
Assigner-Pure Storage, Inc.
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.35%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 17:26
Updated-27 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.

Action-Not Available
Vendor-purestoragePureStoragepurestorage
Product-purity\/\/faFlashArrayflasharray
CWE ID-CWE-287
Improper Authentication
CVE-2023-32347
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.66% / 47.67%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 14:58
Updated-16 Jan, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.

Action-Not Available
Vendor-teltonikaTeltonika
Product-remote_management_systemRemote Management System
CWE ID-CWE-287
Improper Authentication
CVE-2023-32243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-75.53% / 99.47%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 07:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor
CWE ID-CWE-287
Improper Authentication
CVE-2023-32220
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.2||HIGH
EPSS-0.60% / 44.56%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-06 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Milesight NCR/Camera Authentication Bypass

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.

Action-Not Available
Vendor-Milesight
Product-ncr\/camerancr\/camera_firmwareNCR/camera
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2019-6814
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-36.65% / 98.33%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:38
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

Action-Not Available
Vendor-n/a
Product-net5504_firmwarenet5500_firmwarenet5501-inet5508net5516_firmwarenet5508_firmwarenet5516net5501_firmwarenet5504net5501-xt_firmwarenet5501-xtnet5500net5501-i_firmwarenet5501ĂŠNET55XX Encoder with firmware prior to version 2.1.9.ĂŠ
CWE ID-CWE-287
Improper Authentication
CVE-2023-31634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 54.31%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 00:00
Updated-28 May, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

Action-Not Available
Vendor-teslamaten/ateslamate_project
Product-teslamaten/ateslamate
CWE ID-CWE-287
Improper Authentication
CVE-2023-6036
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 75.68%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 16:06
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Action-Not Available
Vendor-miniorangeUnknown
Product-web3_-_crypto_wallet_login_\&_nft_token_gatingWeb3
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2023-31224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 44.09%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is broken access control during authentication in Jamf Pro Server before 10.46.1.

Action-Not Available
Vendor-jamfn/a
Product-jamfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-30967
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.52%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 23:18
Updated-10 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotham Orbital Simulator path traversal

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.

Action-Not Available
Vendor-palantirPalantir
Product-orbital_simulatorcom.palantir.meta:orbital-simulator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-287
Improper Authentication
CVE-2025-52395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 40.90%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 00:00
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-30869
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-3.10% / 86.29%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 09:46
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Digital Downloads Plugin 3.1-3.1.1.4.1 is vulnerable to Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)Awesome Motive Inc.
Product-easy_digital_downloadsEasy Digital Downloads
CWE ID-CWE-287
Improper Authentication
CVE-2025-52376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.14% / 94.75%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 00:00
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible with hard-coded credentials, allowing attackers to gain administrative shell access and execute arbitrary commands on the device.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-30945
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.97%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 23:00
Updated-05 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-30945

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

Action-Not Available
Vendor-palantirPalantir
Product-clips2video_history_servicevideo_clip_distributorcom.palantir.video:video-history-servercom.palantir.gotham:clips2com.palantir.video:video-clip-distributor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-287
Improper Authentication
CVE-2023-31242
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-3.36% / 87.35%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 16:15
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Softwareopenautomationsoftware
Product-oas_platformOAS Platformoas_platform
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found