Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-34727

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Apr, 2026 | 15:45
Updated At-13 Apr, 2026 | 15:37
Rejected At-
Credits

Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. This vulnerability is fixed in 2.3.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:10 Apr, 2026 | 15:45
Updated At:13 Apr, 2026 | 15:37
Rejected At:
▼CVE Numbering Authority (CNA)
Vikunja ahs a TOTP Two-Factor Authentication Bypass via OIDC Login Path

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. This vulnerability is fixed in 2.3.0.

Affected Products
Vendor
go-vikunja
Product
vikunja
Versions
Affected
  • < 2.3.0
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
x_refsource_CONFIRM
Hyperlink: https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
exploit
Hyperlink: https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Apr, 2026 | 16:16
Updated At:20 Apr, 2026 | 19:55

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. This vulnerability is fixed in 2.3.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches

vikunja
vikunja
>>vikunja>>Versions before 2.3.0(exclusive)
cpe:2.3:a:vikunja:vikunja:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Secondarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cgsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8jvc-mcx6-r4cg
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

138Records found

CVE-2026-27575
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 34.45%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 21:35
Updated-05 Mar, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account (via brute-force or credential stuffing) can maintain persistent access even after the victim resets their password. Version 2.0.0 contains a fix.

Action-Not Available
Vendor-vikunjago-vikunja
Product-vikunjavikunja
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-33473
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.26% / 17.11%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 15:18
Updated-27 Mar, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue.

Action-Not Available
Vendor-vikunjago-vikunja
Product-vikunjavikunja
CWE ID-CWE-287
Improper Authentication
CVE-2023-27582
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.02% / 59.15%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 21:40
Updated-25 Feb, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Full authentication bypass if SASL authorization username is specified

maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.

Action-Not Available
Vendor-maddy_projectfoxcpp
Product-maddymaddy
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2023-25957
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.53%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 09:31
Updated-27 Feb, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 9 latest compatible, New Track)Mendix SAML (Mendix 8 compatible)Mendix SAML (Mendix 9 latest compatible, Upgrade Track)Mendix SAML (Mendix 9.6 compatible, New Track)Mendix SAML (Mendix 9.6 compatible, Upgrade Track)Mendix SAML (Mendix 7 compatible)
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2020-25251
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.22% / 64.89%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 02:20
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.

Action-Not Available
Vendor-hylandn/a
Product-onbasen/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-23460
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.1||CRITICAL
EPSS-0.69% / 48.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority Web – Authentication bypass

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.

Action-Not Available
Vendor-priority-softwarePriority
Product-priorityPriority Web
CWE ID-CWE-287
Improper Authentication
CVE-2024-25128
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.86% / 53.95%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 15:30
Updated-14 Oct, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.

Action-Not Available
Vendor-dpgaspardpgaspardpgaspar
Product-flask-appbuilderFlask-AppBuilderflask-appbuilder
CWE ID-CWE-287
Improper Authentication
CVE-2023-22964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.45% / 82.39%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plus_mspn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-22497
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 47.88%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 01:02
Updated-10 Mar, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netdata is vulnerable to improper authentication

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.

Action-Not Available
Vendor-netdatanetdata
Product-netdatanetdata
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-21455
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 32.25%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-exynosexynos_firmwareSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-23255
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.67% / 47.54%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmacOSiOS and iPadOSiosipadosmacos
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-7876
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.31% / 23.01%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:56
Updated-11 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_high-speed_transfer_server_for_cloud_pak_for_integrationAspera HSTS for CP4I
CWE ID-CWE-287
Improper Authentication
CVE-2024-25618
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.48% / 37.73%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 20:45
Updated-12 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
External OpenID Connect Account Takeover by E-Mail Change in mastodon

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-joinmastodonmastodon
Product-mastodonmastodon
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-20214
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.73% / 49.80%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 21:24
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-287
Improper Authentication
CVE-2025-24895
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.56% / 42.51%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 18:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; 2. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The library cie-aspnetcore refers to the second entity, the SP, and implements the validation logic of SAML assertions within SAML responses. In affected versions there is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This issue has been addressed in version 2.1.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-italia
Product-cie-aspnetcore
CWE ID-CWE-287
Improper Authentication
CVE-2025-24894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.56% / 42.51%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 18:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This vulnerability has been addressed in version 3.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-italia
Product-spid-aspnetcore
CWE ID-CWE-287
Improper Authentication
CVE-2025-22146
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.66%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 19:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authentication on SAML SSO process allows user impersonation in sentry

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-getsentry
Product-sentry
CWE ID-CWE-287
Improper Authentication
CVE-2025-22228
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.4||HIGH
EPSS-0.57% / 42.91%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 05:49
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring Security
CWE ID-CWE-287
Improper Authentication
CVE-2026-5795
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.4||HIGH
EPSS-0.53% / 40.82%
||
7 Day CHG+0.15%
Published-08 Apr, 2026 | 13:32
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.Eclipse Foundation AISBL
Product-jettyEclipse JettyRed Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat OpenShift Dev SpacesHawtIO HawtIO 4.4.0Red Hat Offline Knowledge Portal 1.2.7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CWE ID-CWE-287
Improper Authentication
CVE-2025-15484
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 14.63%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 06:00
Updated-01 Apr, 2026 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

Action-Not Available
Vendor-Unknown
Product-Order Notification for WooCommerce
CWE ID-CWE-287
Improper Authentication
CVE-2025-21450
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.29% / 20.92%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:49
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in GPS_GNSS

Cryptographic issue occurs due to use of insecure connection method while downloading.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwarewcn6650wsa8845_firmwareqcm8550_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresnapdragon_7c\+_gen_3snapdragon_480_5g_mobilesw5100psm7675pqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcn7880_firmwarewcn7860_firmwaresnapdragon_778g\+_5g_mobilewcd9340_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024snapdragon_x62_5g_modem-rfwcn6450qcc710_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700sm4635snapdragon_782g_mobile_firmwarewsa8815_firmwarewsa8832_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfsm6370sm4635_firmwareqcm4490_firmwareqca6574auwcd9390wcn3950snapdragon_888\+_5g_mobile_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_778g_5g_mobile_firmwaresm8650q_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresdx80mqcs5430snapdragon_778g\+_5g_mobile_firmwarewcn7860qcn6024_firmwareqcm5430qcm5430_firmwareqca6584auqcn6274_firmwarewcn6755_firmwareqcc710qcn9011_firmwaresnapdragon_x32_5g_modem-rf_firmwaresw5100_firmwarewcn6650_firmwaresnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sm8635qfw7114sm8635_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wcd9360sdx61wcn7880snapdragon_x65_5g_modem-rfwcn6755qcs4490wsa8845snapdragon_auto_5g_modem-rf_firmwarewsa8810wcn7881sm6650sw5100snapdragon_888_5g_mobile_firmwareqca6595auvideo_collaboration_vc3_platformsnapdragon_888_5g_mobilesnapdragon_4_gen_1_mobile_firmwaresm6650pwsa8840qca6688aqqcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqca6698auqfw7124_firmwarewcd9385qca6698aq_firmwaresm8750pqcn9012snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresm8635pwcd9390_firmwaresnapdragon_x62_5g_modem-rf_firmwareqep8111_firmwaresg8275pwcd9370_firmwaresdx55_firmwaresm8750_firmwaresnapdragon_auto_5g_modem-rfqca6574asm7635p_firmwaresnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcn7861_firmwareqca6174a_firmwarewcn7861qcm6490sm7325pwcn3988qcm8550qcs6490_firmwaresm6370_firmwaresm6650_firmwareqcn9024wcn3980_firmwareqca6584au_firmwareqcn6274qfw7124snapdragon_w5\+_gen_1_wearablewsa8835qca6595au_firmwarewsa8840_firmwareqca6391_firmwareqca6698au_firmwaresw5100p_firmwareqcn9011qca6696_firmwarewsa8845hqcn9024_firmwarewcd9380_firmwaresm8650qwsa8815qca8081sd_8_gen1_5gwsa8830qca6797aqsnapdragon_x75_5g_modem-rfsm7675_firmwarear8035qca6574a_firmwaresdx55sm7635_firmwaresnapdragon_4_gen_1_mobilesm7635pwcn6450_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwaresnapdragon_7c\+_gen_3_firmwareqca6391qcn6224qcn9012_firmwareqcs5430_firmwareqca6698aqwcn3950_firmwaresm7635snapdragon_x32_5g_modem-rfqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sm7325p_firmwarewcd9360_firmwarewcd9378snapdragon_480_5g_mobile_firmwaresm8635p_firmwareqca6688aq_firmwaresm6650p_firmwaresm8750p_firmwarewcd9375wcn3988_firmwarefastconnect_6700_firmwaresm7675video_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaresdx80m_firmwaresnapdragon_x75_5g_modem-rf_firmwarewcn3980qcs6490sm7675p_firmwaresnapdragon_695_5g_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwaresnapdragon_8_gen_3_mobilewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-55759
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.24% / 15.40%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 21:07
Updated-26 Jun, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless of aud, exp, nbf, or nonce. An attacker who obtains a target user's Apple identity token (from server logs, an intercepted sign-in flow, or another application sharing the same Apple developer team) can replay it to authenticate as that user, with no expiration on the replay window. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13.

Action-Not Available
Vendor-RocketChat
Product-Rocket.Chat
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2026-54089
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.34% / 25.71%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 17:46
Updated-25 Jun, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication (auth.method=proxy), any unauthenticated attacker who can reach the server directly can impersonate any user - including admin - by sending a single forged HTTP header. No credentials are required. Additionally, specifying a non-existent username causes the server to automatically create a new user account, providing an account creation primitive with no authorization. This is an already known issue that has been documented in the documentation for several years, but has not been documented as a vulnerability before.

Action-Not Available
Vendor-filebrowser
Product-filebrowser
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-21638
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.66% / 73.74%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 21:44
Updated-03 Jun, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IPAM solution Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Action-Not Available
Vendor-AzureMicrosoft Corporation
Product-azure_ipamipam
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-287
Improper Authentication
CVE-2026-48526
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.39% / 31.32%
||
7 Day CHG+0.16%
Published-28 May, 2026 | 15:09
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Satellite 6.19 for RHEL 9Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat AI Inference ServerRed Hat Quay 3Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Red Hat Quay 3.9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Ansible Automation Platform 2.7Red Hat Trusted Artifact SignerRed Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Ansible Automation Platform 2Red Hat Satellite 6Red Hat Quay 3.12Migration Toolkit for Applications 8OpenShift LightspeedRed Hat Enterprise Linux AppStream (v. 9)Red Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-1735
Matching Score-4
Assigner-LY Corporation
ShareView Details
Matching Score-4
Assigner-LY Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.83% / 53.19%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 07:25
Updated-26 Aug, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Action-Not Available
Vendor-linecorpLINE Corporationlinecorp
Product-armeriaArmeriaarmeria
CWE ID-CWE-287
Improper Authentication
CVE-2017-20235
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 36.10%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 22:51
Updated-25 May, 2026 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProSoft Technology ICX35-HWC Authentication Bypass

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Action-Not Available
Vendor-prosoft-technologyProSoft Technology
Product-icx35-hwc_firmwareicx35-hwcICX35-HWC Cellular Gateway
CWE ID-CWE-287
Improper Authentication
CVE-2026-49454
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 3.28%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 20:52
Updated-22 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was incomplete as :public_key.verify over the exclusive-C14N canonicalized SignedInfo was not performed against the configured IdP certificate's public key, DigestValue was not recomputed over the canonicalized referenced element, and canonicalize/2 remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes. A forged SignatureValue carrying an attacker-controlled NameID could be accepted as {:ok}. This issue has been fixed in version 1.2.0.

Action-Not Available
Vendor-szTheory
Product-relyra
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-8956
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-60.88% / 99.04%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 19:59
Updated-22 Nov, 2025 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-11-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

Action-Not Available
Vendor-PTZOptics
Product-pt30x-sdipt30x-sdi_firmwarept30x-ndi-xx-g2pt30x-ndi-xx-g2_firmwarePT30X-NDIPT30X-SDIpt30x-ndi-xx-g2_firmwarept30x-sdi_firmwarePT30X-SDI/NDI Cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2020-22657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.60% / 44.39%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass.

Action-Not Available
Vendor-ruckuswirelessn/a
Product-zonedirector_3000zonedirector_1200_firmwaret300_firmwarescg200_firmwarer600sz-100_firmwarevszvsz_firmwarer310_firmwarer600_firmwarer500_firmwarezonedirector_1100r500zonedirector_5000t301szonedirector_1100_firmwaret301s_firmwarer310zonedirector_3000_firmwarezonedirector_5000_firmwaret300scg200sz-300_firmwaresz-100zonedirector_1200t301n_firmwaresz-300t301nn/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-46579
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.23% / 13.78%
||
7 Day CHG+0.01%
Published-29 May, 2026 | 09:50
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift_routerRed Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.21Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.22
CWE ID-CWE-287
Improper Authentication
CVE-2024-5805
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.1||CRITICAL
EPSS-7.55% / 93.78%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 15:03
Updated-20 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOVEit Gateway Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_gatewayMOVEit Gatewaymoveit_gateway
CWE ID-CWE-287
Improper Authentication
CVE-2024-5806
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.1||CRITICAL
EPSS-75.81% / 99.47%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 15:04
Updated-16 Jan, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOVEit Transfer Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_transferMOVEit Transfermoveit_transfer
CWE ID-CWE-287
Improper Authentication
CVE-2024-10474
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus for iOSfocus_for_ios
CWE ID-CWE-287
Improper Authentication
CVE-2024-10963
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.80% / 52.04%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 16:02
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pam: improper hostname interpretation in pam_access leads to access control bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift AI 2.16Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.16
CWE ID-CWE-287
Improper Authentication
CVE-2026-44196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.64%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:40
Updated-14 May, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pingvin Share X: TOTP Authentication Bypass via Password-only Login

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.

Action-Not Available
Vendor-smp46
Product-pingvin-share-x
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2022-47408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.65% / 46.68%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.

Action-Not Available
Vendor-fp_newsletter_projectn/a
Product-fp_newslettern/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-44551
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.46% / 70.39%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 19:59
Updated-19 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: LDAP Empty Password Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-287
Improper Authentication
CVE-2026-44460
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.27% / 17.86%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 16:39
Updated-01 Jun, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP configured, the endpoint decrypts and returns the user's existing TOTP secret inside the QR PNG instead of refusing or generating a new secret. An attacker who already possesses the victim's password can therefore retrieve the live TOTP secret, derive a valid one-time code, submit it to /api/totp_verify.php, and obtain a fully authenticated session without ever possessing the victim's authenticator device. This vulnerability is fixed in 3.12.0.

Action-Not Available
Vendor-error311
Product-FileRise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-42560
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.42% / 33.52%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 04:15
Updated-11 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a single local identity. Any application that trusts token.User.ID as the stable account key can end up mixing or fully merging unrelated Patreon users, which can lead to cross-account access, privilege confusion, and subscription-state leakage. This issue has been patched in versions 1.25.2 and 2.1.2.

Action-Not Available
Vendor-go-pkgz
Product-auth
CWE ID-CWE-287
Improper Authentication
CVE-2023-5376
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-8.6||HIGH
EPSS-1.41% / 69.47%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:44
Updated-08 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TFTP Without Authentication

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

Action-Not Available
Vendor-korenixKorenix
Product-jetnet_7628x-4f-eujetnet_4508jetnet_6528gf-2ac-us_firmwarejetnet_6910g-m12_hvdc_firmwarejetnet_5612g-4fjetnet_7628xp-4f-eu_firmwarejetnet_6628x-4f-eujetnet_4508-wjetnet_4508f-mw_firmwarejetnet_6528gf-2dc48jetnet_6828gf-ac-dc24-us_firmwarejetnet_6528gf-ac-eu_firmwarejetnet_7628xp-4f-usjetnet_4508if-s_firmwarejetnet_6528gf-2dc48_firmwarejetnet_4508if-m_firmwarejetnet_7628xp-4f-us_firmwarejetnet_7628xp-4f-eujetnet_4508f-sw_firmwarejetnet_4508f-swjetnet_4508f-mwjetnet_6828gf-2ac-aujetnet_6910g-m12_hvdcjetnet_6828gf-2dc48_firmwarejetnet_5612gp-4fjetnet_6528gf-2dc24_firmwarejetnet_4508i-w_firmwarejetnet_4508f-mjetnet_4508f-s_firmwarejetnet_6528gf-2ac-usjetnet_6828gf-2ac-eujetnet_5620g-4cjetnet_7714g-m12_hvdc_firmwarejetnet_6728g-24p-ac-2dc-usjetnet_5620g-4c_firmwarejetnet_4508if-swjetnet_6528gf-2dc24jetnet_6528gf-ac-eujetnet_5728g-24p-ac-2dc-eu_firmwarejetnet_6628xp-4f-us_firmwarejetnet_6728g-24p-ac-2dc-us_firmwarejetnet_6828gf-2dc24jetnet_4508if-sjetnet_5728g-24p-ac-2dc-us_firmwarejetnet_4508if-sw_firmwarejetnet_5612g-4f_firmwarejetnet_6628xp-4f-usjetnet_6828gf-ac-dc24-eujetnet_4508i-wjetnet_7628x-4f-eu_firmwarejetnet_7310g-v2jetnet_4508-w_firmwarejetnet_6828gf-ac-dc24-usjetnet_4508if-mwjetnet_6828gf-2ac-usjetnet_7714g-m12_hvdcjetnet_5728g-24p-ac-2dc-eujetnet_6828gf-2ac-au_firmwarejetnet_6828gf-ac-dc24-eu_firmwarejetnet_5612gp-4f_firmwarejetnet_6728g-24p-ac-2dc-eu_firmwarejetnet_6528gf-ac-usjetnet_6728g-24p-ac-2dc-eujetnet_6828gf-2dc24_firmwarejetnet_6828gf-ac-usjetnet_5310gjetnet_6628x-4f-eu_firmwarejetnet_5728g-24p-ac-2dc-usjetnet_4508if-mw_firmwarejetnet_7628x-4f-usjetnet_4508f-m_firmwarejetnet_4508_firmwarejetnet_6828gf-2ac-eu_firmwarejetnet_6828gf-ac-us_firmwarejetnet_5310g_firmwarejetnet_4508if-mjetnet_6828gf-2dc48jetnet_4508f-sjetnet_6528gf-2ac-eu_firmwarejetnet_6828gf-2ac-us_firmwarejetnet_6528gf-ac-us_firmwarejetnet_7310g-v2_firmwarejetnet_6528gf-2ac-eujetnet_7628x-4f-us_firmwareJetNet Series
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-43551
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 16.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Multi-Mode Call Processor

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_3100_firmwaresdm429w_firmwareqcm8550_firmwareapq8017sd865_5gqcs410_firmwarerobotics_rb3sw5100psxr1120qcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_7c_gen_2_compute_firmwaresnapdragon_670_mobileqca4004qca6696snapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_208_firmwaresnapdragon_750g_5g_mobilesnapdragon_780g_5g_mobilesnapdragon_685_4g_mobilevision_intelligence_200_firmwaresnapdragon_x50_5g_modem-rf_firmwaresnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_auto_4g_modemsnapdragon_665_mobile_firmwaresc8180xp-aaab9205_lte_modemqca6574au_firmwaresnapdragon_690_5g_mobile_firmware9207_lte_modem_firmwarewcd9341sd626_firmwaresnapdragon_wear_1300qca6574ausnapdragon_820_automotive205_mobilesnapdragon_888\+_5g_mobile_firmwaresnapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarewcd9390csra6640snapdragon_212_mobilemsm8209_firmwaresnapdragon_778g_5g_mobile_firmwaresc8180xp-acafsnapdragon_850_mobile_computewcn3660b_firmwaresd730snapdragon_820_automotive_firmwarefastconnect_6800_firmwareqcs5430snapdragon_690_5g_mobile9207_lte_modemsd835_firmwareqcn6024_firmwaresnapdragon_636_mobile_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_712_mobile_firmwareqcm6125_firmwarec-v2x_9150snapdragon_678_mobile_firmwaresnapdragon_425_mobileqcc710snapdragon_1100_wearable_firmwaresnapdragon_xr2_5g_firmwaremdm9615msm8108snapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwaresnapdragon_wear_4100\+315_5g_iot_modem_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqfw7114snapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200315_5g_iot_modemqca6310wcd9360qca6335snapdragon_x65_5g_modem-rfqcs4490snapdragon_730_mobilesnapdragon_wear_3100mdm9250snapdragon_680_4g_mobilewsa8845qca6421_firmwareqcm6125snapdragon_212_mobile_firmwaremdm9230sc8180x-adqca6564au_firmwaresd820snapdragon_429_mobile_firmwarewsa8810mdm8207snapdragon_835_mobilesnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_wear_2500snapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwarewcd9326_firmwaresnapdragon_845_mobile_firmwaremdm9640_firmwarewsa8840mdm9230_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwarewcd9371_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqts110wcn3910_firmwaresnapdragon_460_mobilesnapdragon_8_gen_2_mobileqca6420qca6174_firmwarewcn3910mdm9205s_firmwarewcd9370_firmwarecsrb31024qca9367mdm9250_firmwaresnapdragon_712_mobilesnapdragon_835_mobile_firmwarewcn3660bqca6574asnapdragon_8\+_gen_2_mobilewcn3620_firmwareqca6174aqca6584_firmwarewcd9340qcm2290snapdragon_1200_wearable_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobileqcn9024vision_intelligence_300_firmwareqca6574215_mobilesd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresdx57msmart_audio_400qcn9024_firmwarewsa8845hwcd9326qcs410qcm2290_firmwarevision_intelligence_100snapdragon_630_mobileqca6564asnapdragon_765g_5g_mobile_firmwaresnapdragon_wear_2100_firmwarewsa8830smart_display_200_firmwaresm8550psnapdragon_wear_2100snapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computesc8180x\+sdx55_firmwarear8035msm8996ausnapdragon_208snapdragon_7c_compute_firmwarewcn3620qcm4325qcn6224snapdragon_865\+_5g_mobile_firmwaresnapdragon_x5_lte_modemsnapdragon_429_mobilesc8180x\+sdx55qca6698aqwcn3950_firmwaresm6250mdm9205ssnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsm7325p_firmwarewcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_210_firmwaresnapdragon_660_mobile_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_855_mobileqcs6490snapdragon_210snapdragon_695_5g_mobilesc8180xp-acaf_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqcn6224_firmwarevision_intelligence_100_firmwareqca6431wsa8845_firmwaresd660_firmwarewsa8832mdm9330_firmwaresnapdragon_auto_4g_modem_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresc8180xp-aaab_firmwaremdm9630snapdragon_778g\+_5g_mobile205_mobile_firmwareqca6320msm8608_firmwaresd888_firmwaremsm8209wcd9306qca6564auqcs6125_firmwaresnapdragon_1100_wearablesnapdragon_425_mobile_firmwaresnapdragon_wear_1300_firmwaresm6250p_firmwaresc8180xp-adar6003wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290sd_455_firmwaremsm8608sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwarewcn3680_firmwareqcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobileqca4004_firmwaresnapdragon_778g\+_5g_mobile_firmwareapq8037smart_audio_400_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresmart_audio_200_firmwaresnapdragon_678_mobilesnapdragon_720g_mobilesd_455sm7250pcsrb31024_firmwaresc8180x-acafsm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqca6584ausd888qca6320_firmwareqcn6274_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_wear_2500_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilesd626fastconnect_6800qfw7114_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarewcd9371mdm9630_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380smart_audio_200snapdragon_xr2_5gsnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_1200_wearablesnapdragon_auto_5g_modem-rf_firmwaresc8180x-aaabsc8180x-aaab_firmwaresw5100video_collaboration_vc3_platformaqt1000wcd9306_firmwaresnapdragon_4_gen_1_mobile_firmware215_mobile_firmwarec-v2x_9150_firmwaresd855qca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmware9205_lte_modem_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqcs2290_firmwaremsm8909w_firmwaresnapdragon_8_gen_1_mobilewcn3615qca9367_firmwaresnapdragon_630_mobile_firmwarewcd9330mdm8207_firmwaresnapdragon_680_4g_mobile_firmwarewcn3680wcn3610_firmwareqcs4290wcd9390_firmwaresnapdragon_865\+_5g_mobilesd820_firmwareqca6430snapdragon_855\+_mobilesg8275psm6250psnapdragon_765_5g_mobilesnapdragon_860_mobilesdx55_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfwcn3615_firmwaresxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcm4490csra6640_firmwaresnapdragon_480\+_5g_mobile_firmwareqca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_x50_5g_modem-rfapq8037_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436snapdragon_x70_modem-rfwcn3980_firmwaresnapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqcn6274qfw7124qca6595au_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwaresnapdragon_430_mobile_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqca9377mdm9628_firmwaresnapdragon_x75_5g_modem-rfqcm4325_firmwaresnapdragon_439_mobile_firmware9206_lte_modemqca6574a_firmwaresdx55snapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675wcd9375_firmwareqca6391snapdragon_710_mobileqts110_firmwaremdm9615_firmwareqcs5430_firmwaresnapdragon_439_mobilesg4150p_firmwareqca6584csra6620_firmwareqcs8550fastconnect_7800sd865_5g_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_xr1wcd9375vision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwaresnapdragon_430_mobilesnapdragon_636_mobilesd_675snapdragon_8\+_gen_1_mobile_firmwarevision_intelligence_400wsa8835_firmwaresmart_display_200ar6003_firmwarewcn3980qca6584au_firmwaremdm9330msm8909wwcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm2290_firmwareqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwaremdm9640_firmwaremsm8996au_firmware315_5g_iot_modem_firmwareqcs2290_firmwareqca6431_firmwaremdm9628_firmwareqcn6224_firmwaremsm8909w_firmwaresd670_firmwaremdm9205s_firmwareqca6420_firmwareqca6595au_firmwareqca6174_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwareqca6584au_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwaremsm8108_firmwareqca6335_firmwareqcn6024_firmwareqcm4325_firmwareqca6574_firmwareqca6584_firmwareqca6426_firmwaremdm9230_firmwareqca6320_firmwareqca6574a_firmwareqca6574au_firmwarefastconnect_6200_firmwareqca8081_firmwareqca6436_firmwareqca6421_firmware9205_lte_modem_firmwareaqt1000_firmwareqca6564au_firmwarear6003_firmwareqca9367_firmwareqcm8550_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwarecsrb31024_firmwareqcm6490_firmwarefastconnect_6900_firmwarerobotics_rb3_platform_firmwareqca4004_firmwareqcs8550_firmware9206_lte_modem_firmwarefastconnect_6700_firmwareqca6564a_firmwareapq8017_firmwaresd626_firmwareqcn9024_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcs610_firmwareqca6698aq_firmwaremsm8209_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarequalcomm_205_mobile_platform_firmware9207_lte_modem_firmwareqca6696_firmwareqcs6490_firmwaremdm8207_firmwareqcs5430_firmwaresd820_firmwareqca6391_firmwaremsm8608_firmwaresd888_firmwareqcc710_firmwaremdm9330_firmwaresd855_firmwaresd865_5g_firmwaremdm9615_firmwareapq8037_firmwaresd660_firmwarefastconnect_6800_firmwareqcs410_firmwareqfw7124_firmwaremdm9630_firmwarear8035_firmwareqcm6125_firmwareqts110_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2020-15269
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-1.05% / 60.12%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 20:15
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Expired token reuse in Spree

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.

Action-Not Available
Vendor-sparksolutionsspree
Product-spreespree
CWE ID-CWE-613
Insufficient Session Expiration
CWE ID-CWE-287
Improper Authentication
CVE-2020-15243
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.20% / 64.33%
||
7 Day CHG+0.02%
Published-08 Oct, 2020 | 22:40
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebApi Authentication attribute missing in Smartstore

Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.

Action-Not Available
Vendor-smartstoresmartstore
Product-smartstoreSmartStoreNET
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-15240
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.79% / 51.89%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 17:25
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regression in JWT Signature Validation

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.

Action-Not Available
Vendor-auth0auth0
Product-omniauth-auth0omniauth-auth0
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-14158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.84% / 76.41%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 13:13
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

Action-Not Available
Vendor-abusn/a
Product-secvest_hybrid_fumo50110_firmwaresecvest_hybrid_fumo50110n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-44152
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 43.17%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 11:59
Updated-23 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-cyber_protectmacoswindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2016-4432
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.1||CRITICAL
EPSS-8.15% / 94.16%
||
7 Day CHG~0.00%
Published-01 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-qpid_broker-jn/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-40910
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.51%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:09
Updated-29 Apr, 2026 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses credentials from the regular Authorization header. As a result, an attacker who can reach the HTTP vhost entrypoint and knows or can guess the protected routeByHTTPUser value may access a backend protected by httpUser / httpPassword even with an incorrect Proxy-Authorization password. This issue affects deployments that explicitly use routeByHTTPUser. It does not affect ordinary HTTP proxies that do not use this feature. This vulnerability is fixed in 0.68.1.

Action-Not Available
Vendor-fatedierfatedier
Product-frpfrp
CWE ID-CWE-287
Improper Authentication
CVE-2023-40260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 40.66%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.

Action-Not Available
Vendor-empoweridn/a
Product-empoweridn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found