Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-34873

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Apr, 2026 | 00:00
Updated At-02 Apr, 2026 | 16:24
Rejected At-
Credits

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Apr, 2026 | 00:00
Updated At:02 Apr, 2026 | 16:24
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://mbed-tls.readthedocs.io/en/latest/security-advisories/
N/A
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
N/A
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/
Resource: N/A
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Apr, 2026 | 21:17
Updated At:05 Jun, 2026 | 19:38

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches

trustedfirmware
trustedfirmware
>>mbed_tls>>Versions from 3.5.0(inclusive) to 3.6.6(exclusive)
cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*
trustedfirmware
trustedfirmware
>>mbed_tls>>Versions from 4.0.0(inclusive) to 4.1.0(exclusive)
cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-287
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://mbed-tls.readthedocs.io/en/latest/security-advisories/cve@mitre.org
Vendor Advisory
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/cve@mitre.org
Vendor Advisory
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

119Records found

CVE-2017-14032
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.49% / 71.01%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 20:00
Updated-05 Jun, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.

Action-Not Available
Vendor-trustedfirmwaren/aArm Limited
Product-mbed_tlsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-24894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.56% / 42.51%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 18:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This vulnerability has been addressed in version 3.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-italia
Product-spid-aspnetcore
CWE ID-CWE-287
Improper Authentication
CVE-2025-24895
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.56% / 42.51%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 18:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; 2. Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The library cie-aspnetcore refers to the second entity, the SP, and implements the validation logic of SAML assertions within SAML responses. In affected versions there is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP's public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This issue has been addressed in version 2.1.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-italia
Product-cie-aspnetcore
CWE ID-CWE-287
Improper Authentication
CVE-2026-7876
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.31% / 23.01%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:56
Updated-11 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_high-speed_transfer_server_for_cloud_pak_for_integrationAspera HSTS for CP4I
CWE ID-CWE-287
Improper Authentication
CVE-2025-22146
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.58% / 43.66%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 19:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authentication on SAML SSO process allows user impersonation in sentry

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-getsentry
Product-sentry
CWE ID-CWE-287
Improper Authentication
CVE-2026-56237
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.29% / 21.06%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 11:53
Updated-25 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key parameter in the generation request and supply arbitrary values, generating custom API keys without proper authorization, which can lead to unauthorized access to protected endpoints.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-287
Improper Authentication
CVE-2025-15484
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 14.63%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 06:00
Updated-01 Apr, 2026 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

Action-Not Available
Vendor-Unknown
Product-Order Notification for WooCommerce
CWE ID-CWE-287
Improper Authentication
CVE-2022-41912
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-2.18% / 80.15%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

Action-Not Available
Vendor-saml_projectcrewjam
Product-samlsaml
CWE ID-CWE-287
Improper Authentication
CVE-2022-41436
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.70% / 48.72%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.

Action-Not Available
Vendor-oxhoon/a
Product-tp50_firmwaretp50n/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-39289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.75% / 50.56%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2024-5806
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.1||CRITICAL
EPSS-75.81% / 99.47%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 15:04
Updated-16 Jan, 2025 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOVEit Transfer Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_transferMOVEit Transfermoveit_transfer
CWE ID-CWE-287
Improper Authentication
CVE-2024-5805
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.1||CRITICAL
EPSS-7.55% / 93.78%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 15:03
Updated-20 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOVEit Gateway Authentication Bypass Vulnerability

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.

Action-Not Available
Vendor-Progress Software Corporation
Product-moveit_gatewayMOVEit Gatewaymoveit_gateway
CWE ID-CWE-287
Improper Authentication
CVE-2022-34372
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 60.76%
||
7 Day CHG+0.04%
Published-01 Sep, 2022 | 18:45
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-39355
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.77% / 50.99%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse Patreon vulnerable to improper validation of email during Patreon authentication

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-patreondiscourse-patreon
CWE ID-CWE-287
Improper Authentication
CVE-2022-31013
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.37% / 68.63%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 22:35
Updated-23 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.

Action-Not Available
Vendor-chat_server_projectramank775
Product-chat_serverchat-server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2757
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 47.46%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 21:18
Updated-16 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.

Action-Not Available
Vendor-kingspanKingspan
Product-tms300_cs_firmwaretms300_csTMS300 CS
CWE ID-CWE-287
Improper Authentication
CVE-2022-24882
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-2.67% / 83.94%
||
7 Day CHG+0.02%
Published-26 Apr, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server side NTLM does not properly check parameters in FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

Action-Not Available
Vendor-FreeRDPFedora Project
Product-fedorafreerdpextra_packages_for_enterprise_linuxFreeRDP
CWE ID-CWE-287
Improper Authentication
CVE-2024-48859
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 44.26%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 16:35
Updated-23 Sep, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-287
Improper Authentication
CVE-2022-25157
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.1||CRITICAL
EPSS-2.29% / 81.10%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-fx5uj-24mt\/essfx5uc-32mt\/dss_firmwarefx5uj-24mt\/es_firmwarefx5uj-60mr\/es_firmwarefx5uj_firmwarefx5uj-60mt\/esfx5uj-60mt\/essfx5uc-32mt\/dss-tsfx5ucfx5uc-32mt\/dfx5uj-40mt\/es_firmwarefx5uj-60mt\/es_firmwarefx5uj-24mt\/ess_firmwarefx5uc-32mt\/ds-tsfx5ujfx5uc_firmwarefx5uj-60mr\/esfx5uj-60mt\/ess_firmwarefx5uj-24mr\/esfx5uc-32mr\/ds-ts_firmwarefx5uj-40mt\/ess_firmwarefx5uc-32mr\/ds-tsfx5uc-32mt\/dssfx5uj-40mr\/es_firmwarefx5uc-32mt\/ds-ts_firmwarefx5uj-24mr\/es_firmwarefx5uj-40mt\/essfx5uj-40mt\/esfx5uj-24mt\/esfx5uj-40mr\/esfx5uc-32mt\/dss-ts_firmwarefx5uc-32mt\/d_firmwareMitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2
CWE ID-CWE-287
Improper Authentication
CVE-2022-24976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.79% / 75.71%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 06:20
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

Action-Not Available
Vendor-athemen/a
Product-athemen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-14880
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-1.08% / 60.98%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 15:11
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.

Action-Not Available
Vendor-[UNKNOWN]Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-287
Improper Authentication
CVE-2022-23383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.42% / 69.64%
||
7 Day CHG-0.04%
Published-07 Mar, 2022 | 15:15
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.

Action-Not Available
Vendor-yzmcmsn/a
Product-yzmcmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-3738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.33% / 67.59%
||
7 Day CHG~0.00%
Published-27 Aug, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Action-Not Available
Vendor-spacetagn/a
Product-lacoodastn/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-34340
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.12% / 62.19%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 15:26
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass when using using older password hashes

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.

Action-Not Available
Vendor-Fedora ProjectThe Cacti Group, Inc.
Product-fedoracacticacticacti
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2022-26034
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.1||CRITICAL
EPSS-0.94% / 56.67%
||
7 Day CHG+0.03%
Published-15 Apr, 2022 | 01:45
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-b\/m9000_vpcentum_vpCENTUM VP series with VP6E5000(AD Suite Engineering ServerFunction) installed and B/M9000 VP
CWE ID-CWE-287
Improper Authentication
CVE-2026-54089
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.34% / 25.71%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 17:46
Updated-25 Jun, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication (auth.method=proxy), any unauthenticated attacker who can reach the server directly can impersonate any user - including admin - by sending a single forged HTTP header. No credentials are required. Additionally, specifying a non-existent username causes the server to automatically create a new user account, providing an account creation primitive with no authorization. This is an already known issue that has been documented in the documentation for several years, but has not been documented as a vulnerability before.

Action-Not Available
Vendor-filebrowser
Product-filebrowser
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-33110
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.74% / 50.15%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-n/adir-845l
CWE ID-CWE-287
Improper Authentication
CVE-2024-2873
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.63% / 45.70%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 21:58
Updated-05 Dec, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User authentication bypass in wolfSSH server

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

Action-Not Available
Vendor-wolfsshwolfSSL Inc.wolfssh
Product-wolfsshwolfSSHwolfssh
CWE ID-CWE-287
Improper Authentication
CVE-2024-28200
Matching Score-4
Assigner-N-able
ShareView Details
Matching Score-4
Assigner-N-able
CVSS Score-9.1||CRITICAL
EPSS-1.95% / 77.73%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 20:49
Updated-22 Aug, 2024 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
N-central Authentication Bypass

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Action-Not Available
Vendor-n-ableN-ablen-able
Product-n-centralN-centraln-central
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-25128
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.86% / 53.95%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 15:30
Updated-14 Oct, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.

Action-Not Available
Vendor-dpgaspardpgaspardpgaspar
Product-flask-appbuilderFlask-AppBuilderflask-appbuilder
CWE ID-CWE-287
Improper Authentication
CVE-2024-23255
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.67% / 47.54%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmacOSiOS and iPadOSiosipadosmacos
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2007-1966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.24% / 65.44%
||
7 Day CHG+0.16%
Published-11 Apr, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

Action-Not Available
Vendor-exv2n/a
Product-content_management_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-21638
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.66% / 73.74%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 21:44
Updated-03 Jun, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IPAM solution Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Action-Not Available
Vendor-AzureMicrosoft Corporation
Product-azure_ipamipam
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-287
Improper Authentication
CVE-2024-1735
Matching Score-4
Assigner-LY Corporation
ShareView Details
Matching Score-4
Assigner-LY Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.83% / 53.19%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 07:25
Updated-26 Aug, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Action-Not Available
Vendor-linecorpLINE Corporationlinecorp
Product-armeriaArmeriaarmeria
CWE ID-CWE-287
Improper Authentication
CVE-2023-40260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 40.66%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.

Action-Not Available
Vendor-empoweridn/a
Product-empoweridn/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-10474
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:19
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus for iOSfocus_for_ios
CWE ID-CWE-287
Improper Authentication
CVE-2023-5376
Matching Score-4
Assigner-CyberDanube
ShareView Details
Matching Score-4
Assigner-CyberDanube
CVSS Score-8.6||HIGH
EPSS-1.41% / 69.47%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:44
Updated-08 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TFTP Without Authentication

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

Action-Not Available
Vendor-korenixKorenix
Product-jetnet_7628x-4f-eujetnet_4508jetnet_6528gf-2ac-us_firmwarejetnet_6910g-m12_hvdc_firmwarejetnet_5612g-4fjetnet_7628xp-4f-eu_firmwarejetnet_6628x-4f-eujetnet_4508-wjetnet_4508f-mw_firmwarejetnet_6528gf-2dc48jetnet_6828gf-ac-dc24-us_firmwarejetnet_6528gf-ac-eu_firmwarejetnet_7628xp-4f-usjetnet_4508if-s_firmwarejetnet_6528gf-2dc48_firmwarejetnet_4508if-m_firmwarejetnet_7628xp-4f-us_firmwarejetnet_7628xp-4f-eujetnet_4508f-sw_firmwarejetnet_4508f-swjetnet_4508f-mwjetnet_6828gf-2ac-aujetnet_6910g-m12_hvdcjetnet_6828gf-2dc48_firmwarejetnet_5612gp-4fjetnet_6528gf-2dc24_firmwarejetnet_4508i-w_firmwarejetnet_4508f-mjetnet_4508f-s_firmwarejetnet_6528gf-2ac-usjetnet_6828gf-2ac-eujetnet_5620g-4cjetnet_7714g-m12_hvdc_firmwarejetnet_6728g-24p-ac-2dc-usjetnet_5620g-4c_firmwarejetnet_4508if-swjetnet_6528gf-2dc24jetnet_6528gf-ac-eujetnet_5728g-24p-ac-2dc-eu_firmwarejetnet_6628xp-4f-us_firmwarejetnet_6728g-24p-ac-2dc-us_firmwarejetnet_6828gf-2dc24jetnet_4508if-sjetnet_5728g-24p-ac-2dc-us_firmwarejetnet_4508if-sw_firmwarejetnet_5612g-4f_firmwarejetnet_6628xp-4f-usjetnet_6828gf-ac-dc24-eujetnet_4508i-wjetnet_7628x-4f-eu_firmwarejetnet_7310g-v2jetnet_4508-w_firmwarejetnet_6828gf-ac-dc24-usjetnet_4508if-mwjetnet_6828gf-2ac-usjetnet_7714g-m12_hvdcjetnet_5728g-24p-ac-2dc-eujetnet_6828gf-2ac-au_firmwarejetnet_6828gf-ac-dc24-eu_firmwarejetnet_5612gp-4f_firmwarejetnet_6728g-24p-ac-2dc-eu_firmwarejetnet_6528gf-ac-usjetnet_6728g-24p-ac-2dc-eujetnet_6828gf-2dc24_firmwarejetnet_6828gf-ac-usjetnet_5310gjetnet_6628x-4f-eu_firmwarejetnet_5728g-24p-ac-2dc-usjetnet_4508if-mw_firmwarejetnet_7628x-4f-usjetnet_4508f-m_firmwarejetnet_4508_firmwarejetnet_6828gf-2ac-eu_firmwarejetnet_6828gf-ac-us_firmwarejetnet_5310g_firmwarejetnet_4508if-mjetnet_6828gf-2dc48jetnet_4508f-sjetnet_6528gf-2ac-eu_firmwarejetnet_6828gf-2ac-us_firmwarejetnet_6528gf-ac-us_firmwarejetnet_7310g-v2_firmwarejetnet_6528gf-2ac-eujetnet_7628x-4f-us_firmwareJetNet Series
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-49454
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 3.28%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 20:52
Updated-22 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was incomplete as :public_key.verify over the exclusive-C14N canonicalized SignedInfo was not performed against the configured IdP certificate's public key, DigestValue was not recomputed over the canonicalized referenced element, and canonicalize/2 remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes. A forged SignatureValue carrying an attacker-controlled NameID could be accepted as {:ok}. This issue has been fixed in version 1.2.0.

Action-Not Available
Vendor-szTheory
Product-relyra
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-4562
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.85% / 53.69%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 01:26
Updated-27 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-fx3g-40mt\/es_firmwarefx3g-60_mt\/dss_firmwarefx3uc-16mt\/d-p4_firmwarefx3u-48mr\/dsfx3u-48mt\/es-afx3u-32mr\/es-afx3u-48mr\/ds_firmwarefx3u-128mr\/es-afx3u-80mt\/dss_firmwarefx3uc-32mt-lt-2_firmwarefx3u-16mt\/dss_firmwarefx3s-10mt\/es_firmwarefx3g-4da-adp_firmwarefx3s-10mt\/dssfx3u-32mr\/dsfx3u-128mt\/es-afx3g-4da-pnk-adpfx3g-24mt\/es_firmwarefx3s-20mt\/dsfx3u-32mt\/dsfx3g-40_mt\/es_firmwarefx3u-80mt\/esfx3s-14mt\/dssfx3u-enet-p502_firmwarefx3g-14_mt\/dssfx3s-10mt\/dss_firmwarefx3sa-10mr-cmfx3gc_firmwarefx3g-14mr\/es-a_firmwarefx3u-16mr\/es-afx3g-4da-pnk-adp_firmwarefx3g-232adp\(-mb\)fx3uc-16mt\/dfx3s-30mt\/ess-2ad_firmwarefx3g-232adp\(-mb\)_firmwarefx3ge-24mr\/es_firmwarefx3g-24mt\/essfx3s-20mt\/dss_firmwarefx3u-64mt\/essfx3uc-32mt\/dss_firmwarefx3u-128mt\/es_firmwarefx3s-20mt\/es_firmwarefx3g-14_mr\/ds_firmwarefx3s-10mt\/ess_firmwarefx3g-40mt\/ess_firmwarefx3u-80mr\/es-afx3g-40mt\/essfx3u-32ms\/es_firmwarefx3u-64mr\/ua1_firmwarefx3g-24mt\/dss_firmwarefx3g-40_mt\/dss_firmwarefx3s-20mt\/esfx3u-32mr\/ua1fx3u-128mr\/es_firmwarefx3uc-16mt\/d_firmwarefx3s-10mt\/esfx3u-32mr\/ds_firmwarefx3g-14mt\/essfx3u-16mt\/esfx3ga-40mt-cm_firmwarefx3g-cnv-adp_firmwarefx3g-60mr\/es-a_firmwarefx3s-14mr\/ds_firmwarefx3ge-40mr\/dsfx3ge-40mr\/esfx3s-30mt\/es_firmwarefx3u-32mt\/es_firmwarefx3u-16mr\/ds_firmwarefx3s-14mt\/esfx3uc_firmwarefx3uc-64mt\/dss_firmwarefx3ge-24mr\/esfx3u-32mr\/es-a_firmwarefx3u-80mt\/dsfx3u-32mt\/es-afx3g-40_mt\/ds_firmwarefx3ge-24mt\/essfx3uc-96mt\/dss_firmwarefx3g-14_mr\/dsfx3ge-24mr\/ds_firmwarefx3sa-14mt-cm_firmwarefx3gcfx3g-60_mr\/ds_firmwarefx3g-60mr\/dsfx3g-14mr\/es-afx3g-40mr\/dsfx3u-16mt\/es_firmwarefx3ga-40mt-cmfx3s-20mr\/ds_firmwarefx3ge-24mt\/dss_firmwarefx3ge-40mr\/es_firmwarefx3u-16mr\/dsfx3s-10mr\/es_firmwarefx3g-60_mt\/dsfx3ucfx3sa-30mr-cm_firmwarefx3ge-40mt\/essfx3sa-20mt-cmfx3uc-16mr\/ds-t_firmwarefx3uc-96mt\/d_firmwarefx3sa-20mr-cm_firmwarefx3g-24mt\/es-a_firmwarefx3g-14mr\/dsfx3s-14mt\/essfx3u-128mr\/es-a_firmwarefx3ga-60mt-cmfx3g-60mt\/es-a_firmwarefx3u-32mt\/ess_firmwarefx3u-80mr\/ds_firmwarefx3g-14_mt\/ess_firmwarefx3uc-32mt\/dssfx3uc-16mr\/ds-tfx3g-4ad-adpfx3u-16mt\/es-a_firmwarefx3u-32mt\/dss_firmwarefx3g-24mt\/ds_firmwarefx3s-10mr\/dsfx3g-40mr\/es-a_firmwarefx3uc-16mt\/d-p4fx3g-60_mt\/ess_firmwarefx3u-48mt\/ds_firmwarefx3g-24_mr\/dsfx3g-24_mt\/dsfx3g-4ad-ptw-adpfx3g-60_mt\/essfx3uc-16mt\/dss-p4fx3u-64mt\/es_firmwarefx3sa-14mr-cmfx3u-16mr\/esfx3u-48mr\/esfx3uc-32mt-ltfx3sa-30mr-cmfx3s-30mt\/ds_firmwarefx3g-40_mr\/dsfx3u-48mt\/dssfx3g-24mt\/ess_firmwarefx3u-80mt\/es-a_firmwarefx3u-80mt\/es-afx3g-60mt\/essfx3uc-16mr\/d-t_firmwarefx3u-80mr\/dsfx3s-10mt\/dsfx3u-16mt\/ess_firmwarefx3u-64mt\/ds_firmwarefx3u-48mr\/es_firmwarefx3u-64mr\/ds_firmwarefx3uc-64mt\/dfx3g-60_mt\/esfx3u-64ms\/esfx3g-24_mt\/ds_firmwarefx3s-14mt\/es_firmwarefx3ge-40mr\/ds_firmwarefx3g-60mt\/esfx3g-40_mt\/dsfx3g-14_mr\/esfx3g-24_mt\/dss_firmwarefx3g-24_mt\/es_firmwarefx3g-60_mr\/es_firmwarefx3g-40mt\/dssfx3ge-24mt\/es_firmwarefx3u-48mr\/es-a_firmwarefx3g-60mt\/es_firmwarefx3s-30mt\/dssfx3u-128mr\/esfx3g-14mt\/ds_firmwarefx3u-64mr\/es-a_firmwarefx3gc-32mt\/dssfx3u-48mt\/essfx3u-16mt\/es-afx3u-64mr\/es-afx3g-40mt\/dss_firmwarefx3u-enet-p502fx3g-485adp\(-mb\)_firmwarefx3u-64mt\/dss_firmwarefx3ge-24mr\/dsfx3sa-10mr-cm_firmwarefx3sa-14mt-cmfx3u-64mt\/dssfx3g-60_mr\/dsfx3g-60_mr\/esfx3ge-24mt\/esfx3ge-24mt\/ds_firmwarefx3ge-40mt\/ess_firmwarefx3s-30mr\/ds_firmwarefx3g-3a-adp_firmwarefx3g-14mt\/ess_firmwarefx3g-14mt\/es-a_firmwarefx3u-48mt\/esfx3u-80mr\/es_firmwarefx3g-24mr\/dsfx3u-48mt\/dsfx3s-10mt\/ds_firmwarefx3s-14mr\/dsfx3g-60_mt\/es_firmwarefx3g-40_mt\/dssfx3s-20mr\/dsfx3ge-24mt\/dssfx3g-32_mt\/dss_firmwarefx3ga-40mr-cmfx3ge-40mt\/dssfx3uc-16mt\/dssfx3u-32mt\/es-a_firmwarefx3s-30mr\/dsfx3u-enet_firmwarefx3g-14_mt\/dss_firmwarefx3g-60_mt\/ds_firmwarefx3sa-30mt-cm_firmwarefx3g-4ad-pt-adpfx3s-20mt\/ess_firmwarefx3s-30mt\/es-2adfx3u-32mr\/esfx3s-20mt\/ds_firmwarefx3s-30mt\/esfx3g-14_mt\/dsfx3g-24_mt\/ess_firmwarefx3g-40mt\/es-a_firmwarefx3sa-10mt-cm_firmwarefx3u-48mt\/es-a_firmwarefx3g-14mr\/ds_firmwarefx3sa-20mr-cmfx3g-14mt\/dsfx3g-60mr\/ds_firmwarefx3s-30mt\/essfx3g-24mt\/dssfx3g-24_mt\/essfx3u-enet-l_firmwarefx3s-14mt\/dss_firmwarefx3ge-40mt\/esfx3s-30mt\/ess-2adfx3g-14_mt\/es_firmwarefx3s-14mt\/dsfx3g-40mr\/es_firmwarefx3uc-32mt\/dfx3uc-96mt\/dfx3g-40_mr\/es_firmwarefx3u-64mt\/dsfx3u-48mt\/ess_firmwarefx3u-80mt\/ds_firmwarefx3g-24_mr\/ds_firmwarefx3ga-60mt-cm_firmwarefx3g-14_mt\/ds_firmwarefx3g-24mt\/es-afx3u-64ms\/es_firmwarefx3g-14mr\/es_firmwarefx3ge-24mt\/dsfx3u-80mr\/es-a_firmwarefx3sa-20mt-cm_firmwarefx3g-14_mr\/es_firmwarefx3s-30mr\/esfx3s-14mt\/ess_firmwarefx3s-30mt\/dss_firmwarefx3u-128mt\/ess_firmwarefx3s-30mt\/dsfx3u-80mt\/ess_firmwarefx3uc-32mt\/d_firmwarefx3s-30mt\/ess_firmwarefx3g-60mr\/es-afx3g-14mt\/es-afx3u-64mt\/ess_firmwarefx3g-4ad-adp_firmwarefx3s-20mr\/esfx3ge-40mt\/dss_firmwarefx3g-4ad-tc-adpfx3u-32ms\/esfx3u-enetfx3ga-24mt-cm_firmwarefx3u-48mt\/dss_firmwarefx3u-64mr\/es_firmwarefx3s-14mr\/esfx3uc-16mr\/d-tfx3uc-16mt\/dss_firmwarefx3g-14_mt\/essfx3u-32mr\/es_firmwarefx3g-40mt\/esfx3u-64mr\/esfx3g-40mr\/ds_firmwarefx3g-3a-adpfx3g-60mr\/es_firmwarefx3g-40mt\/ds_firmwarefx3g-4ad-pt-adp_firmwarefx3u-128mt\/es-a_firmwarefx3g-14mt\/dssfx3u-48mr\/es-afx3uc-64mt\/dssfx3g-14mt\/esfx3u-32mt\/esfx3g-24_mr\/es_firmwarefx3u-32mr\/ua1_firmwarefx3ge-24mt\/ess_firmwarefx3g-32_mt\/dssfx3g-40_mt\/esfx3g-24mr\/es-afx3g-cnv-adpfx3g-14mr\/esfx3g-4ad-ptw-adp_firmwarefx3ga-60mr-cmfx3g-24mr\/ds_firmwarefx3ge-40mt\/ds_firmwarefx3g-40_mr\/ds_firmwarefx3u-64mr\/dsfx3s-30mt\/es-2ad_firmwarefx3u-80mt\/es_firmwarefx3u-128mt\/esfx3g-40mt\/dsfx3g-40_mr\/esfx3uc-16mt\/dss-p4_firmwarefx3g-60mr\/esfx3g-24mt\/dsfx3u-64mt\/esfx3s-10mt\/essfx3s-10mr\/ds_firmwarefx3g-40mr\/es-afx3u-32mt\/dssfx3u-64mr\/ua1fx3gc-32mt\/dss_firmwarefx3u-80mt\/essfx3s-30mr\/es-2ad_firmwarefx3u-16mt\/ds_firmwarefx3u-16mt\/dsfx3g-60mt\/dss_firmwarefx3g-24mt\/esfx3sa-30mt-cmfx3u-16mt\/dssfx3s-20mt\/essfx3g-60mt\/dssfx3uc-32mt-lt-2fx3ga-60mr-cm_firmwarefx3gc-32mt\/dfx3g-40mt\/es-afx3s-30mr\/es_firmwarefx3g-485adp\(-mb\)fx3u-128mt\/essfx3s-20mt\/dssfx3g-24_mt\/dssfx3g-40mr\/esfx3g-4ad-tc-adp_firmwarefx3s-14mt\/ds_firmwarefx3g-60_mt\/dssfx3u-80mt\/dssfx3ga-24mt-cmfx3sa-10mt-cmfx3ga-24mr-cm_firmwarefx3gc-32mt\/d_firmwarefx3u-48mt\/es_firmwarefx3ga-24mr-cmfx3g-24mr\/es-a_firmwarefx3u-32mt\/ds_firmwarefx3ge-40mt\/dsfx3g-24_mr\/esfx3g-40_mt\/ess_firmwarefx3g-24_mt\/esfx3ga-40mr-cm_firmwarefx3ge-40mt\/es_firmwarefx3u-64mt\/es-afx3u-16mt\/essfx3g-4da-adpfx3u-64mt\/es-a_firmwarefx3g-14mt\/dss_firmwarefx3g-60mt\/ess_firmwarefx3g-14mt\/es_firmwarefx3sa-14mr-cm_firmwarefx3g-24mr\/es_firmwarefx3u-16mr\/es_firmwarefx3s-14mr\/es_firmwarefx3g-40_mt\/essfx3uc-64mt\/d_firmwarefx3uc-32mt-lt_firmwarefx3uc-96mt\/dssfx3g-24mr\/esfx3g-60mt\/dsfx3u-80mr\/esfx3u-16mr\/es-a_firmwarefx3g-60mt\/es-afx3g-14_mt\/esfx3g-60mt\/ds_firmwarefx3s-10mr\/esfx3s-20mr\/es_firmwarefx3s-30mr\/es-2adfx3u-enet-lfx3u-32mt\/essMELSEC-F Series FX3U-80MT/ES-AMELSEC-F Series FX3UC-16MT/DMELSEC-F Series FX3U-48MR/ES-AMELSEC-F Series FX3U-128MR/ES-AMELSEC-F Series FX3U-80MT/ESMELSEC-F Series FX3S-10MR/ESMELSEC-F Series FX3U-128MT/DSMELSEC-F Series FX3U-64MR/UA1MELSEC-F Series FX3U-80MR/ESMELSEC-F Series FX3U-80MT/ESSMELSEC-F Series FX3SA-30MR-CMMELSEC-F Series FX3U-16MT/ESMELSEC-F Series FX3G-24MT/ESMELSEC-F Series FX3U-32MR/DSMELSEC-F Series FX3U-48MR/ESMELSEC-F Series FX3U-32MR/UA1MELSEC-F Series FX3GA-60MR-CMMELSEC-F Series FX3GE-40MT/DSMELSEC-F Series FX3G-60MT/ESMELSEC-F Series FX3G-40MT/DSMELSEC-F Series FX3G-24MT/DSMELSEC-F Series FX3GA-40MR-CMMELSEC-F Series FX3GA-60MT-CMMELSEC-F Series FX3G-40MR/ESMELSEC-F Series FX3U-64MT/ESSMELSEC-F Series FX3UC-64MT/DSSMELSEC-F Series FX3S-10MT/DSMELSEC-F Series FX3U-128MT/ESMELSEC-F Series FX3G-24MR/ESMELSEC-F Series FX3G-24MR/ES-AMELSEC-F Series FX3U-80MR/ES-AMELSEC-F Series FX3G-14MR/ES-AMELSEC-F Series FX3U-48MT/ES-AMELSEC-F Series FX3S-14MT/ESMELSEC-F Series FX3U-32MR/ESMELSEC-F Series FX3G-14MT/DSMELSEC-F Series FX3G-40MT/ES-AMELSEC-F Series FX3SA-14MT-CMMELSEC-F Series FX3GE-40MR/ESMELSEC-F Series FX3U-128MT/ESSMELSEC-F Series FX3S-14MR/ESMELSEC-F Series FX3G-60MR/ESMELSEC-F Series FX3GE-24MT/DSSMELSEC-F Series FX3U-80MT/DSSMELSEC-F Series FX3GE-40MT/DSSMELSEC-F Series FX3U-48MT/ESSMELSEC-F Series FX3SA-10MT-CMMELSEC-F Series FX3U-32MT/DSMELSEC-F Series FX3U-16MT/DSSMELSEC-F Series FX3S-14MT/DSMELSEC-F Series FX3G-40MR/ES-AMELSEC-F Series FX3S-30MT/DSMELSEC-F Series FX3UC-32MT/DMELSEC-F Series FX3U-64MR/DSMELSEC-F Series FX3GE-40MT/ESSMELSEC-F Series FX3S-10MT/ESSMELSEC-F Series FX3G-24MT/ESSMELSEC-F Series FX3S-20MR/ESMELSEC-F Series FX3SA-20MT-CMMELSEC-F Series FX3S-30MT/DSSMELSEC-F Series FX3G-14MT/ESMELSEC-F Series FX3SA-20MR-CMMELSEC-F Series FX3GE-24MT/DSMELSEC-F Series FX3G-60MT/ES-AMELSEC-F Series FX3G-24MT/DSSMELSEC-F Series FX3U-16MR/ES-AMELSEC-F Series FX3U-48MT/ESMELSEC-F Series FX3G-60MT/DSMELSEC-F Series FX3UC-32MT/DSSMELSEC-F Series FX3UC-16MR/DS-TMELSEC-F Series FX3U-64MS/ESMELSEC-F Series FX3S-30MR/DSMELSEC-F Series FX3S-20MR/DSMELSEC-F Series FX3S-20MT/ESMELSEC-F Series FX3UC-32MT-LTMELSEC-F Series FX3G-60MR/DSMELSEC-F Series FX3UC-16MT/D-P4MELSEC-F Series FX3U-32MT/ESSMELSEC-F Series FX3G-24MR/DSMELSEC-F Series FX3U-48MR/DSMELSEC-F Series FX3U-128MR/ESMELSEC-F Series FX3S-30MT/ESMELSEC-F Series FX3S-10MR/DSMELSEC-F Series FX3U-64MT/DSMELSEC-F Series FX3G-60MT/ESSMELSEC-F Series FX3S-10MT/ESMELSEC-F Series FX3U-64MR/ESMELSEC-F Series FX3G-14MT/ESSMELSEC-F Series FX3U-64MT/DSSMELSEC-F Series FX3U-32MS/ESMELSEC-F Series FX3S-20MT/ESSMELSEC-F Series FX3UC-96MT/DMELSEC-F Series FX3G-60MT/DSSMELSEC-F Series FX3U-32MT/DSSMELSEC-F Series FX3U-64MT/ESMELSEC-F Series FX3SA-14MR-CMMELSEC-F Series FX3U-32MT/ES-AMELSEC-F Series FX3U-80MT/DSMELSEC-F Series FX3U-64MT/ES-AMELSEC-F Series FX3U-128MT/ES-AMELSEC-F Series FX3GE-24MR/ESMELSEC-F Series FX3U-128MR/DSMELSEC-F Series FX3U-64MR/ES-AMELSEC-F Series FX3U-48MT/DSSMELSEC-F Series FX3U-16MR/DSMELSEC-F Series FX3G-60MR/ES-AMELSEC-F Series FX3S-20MT/DSSMELSEC-F Series FX3U-128MT/DSSMELSEC-F Series FX3S-30MR/ESMELSEC-F Series FX3U-48MT/DSMELSEC-F Series FX3GA-24MR-CMMELSEC-F Series FX3S-30MT/ESSMELSEC-F Series FX3UC-96MT/DSSMELSEC-F Series FX3G-14MR/ESMELSEC-F Series FX3SA-30MT-CMMELSEC-F Series FX3U-16MR/ESMELSEC-F Series FX3UC-16MT/DSS-P4MELSEC-F Series FX3GE-40MT/ESMELSEC-F Series FX3G-14MR/DSMELSEC-F Series FX3U-32MR/ES-AMELSEC-F Series FX3U-16MT/ESSMELSEC-F Series FX3U-80MR/DSMELSEC-F Series FX3S-30MR/ES-2ADMELSEC-F Series FX3GA-40MT-CMMELSEC-F Series FX3G-40MT/DSSMELSEC-F Series FX3GC-32MT/DMELSEC-F Series FX3UC-16MT/DSSMELSEC-F Series FX3GE-24MT/ESSMELSEC-F Series FX3GE-24MR/DSMELSEC-F Series FX3G-40MR/DSMELSEC-F Series FX3SA-10MR-CMMELSEC-F Series FX3S-20MT/DSMELSEC-F Series FX3G-14MT/DSSMELSEC-F Series FX3G-24MT/ES-AMELSEC-F Series FX3U-16MT/DSMELSEC-F Series FX3G-14MT/ES-AMELSEC-F Series FX3S-14MT/DSSMELSEC-F Series FX3G-40MT/ESMELSEC-F Series FX3S-30MT/ES-2ADMELSEC-F Series FX3GC-32MT/DSSMELSEC-F Series FX3S-10MT/DSSMELSEC-F Series FX3UC-16MR/D-TMELSEC-F Series FX3GE-40MR/DSMELSEC-F Series FX3GE-24MT/ESMELSEC-F Series FX3UC-32MT-LT-2MELSEC-F Series FX3U-16MT/ES-AMELSEC-F Series FX3S-14MT/ESSMELSEC-F Series FX3S-14MR/DSMELSEC-F Series FX3UC-64MT/DMELSEC-F Series FX3S-30MT/ESS-2ADMELSEC-F Series FX3G-40MT/ESSMELSEC-F Series FX3GA-24MT-CMMELSEC-F Series FX3U-32MT/ES
CWE ID-CWE-287
Improper Authentication
CVE-2023-43551
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 16.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:05
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Multi-Mode Call Processor

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_3100_firmwaresdm429w_firmwareqcm8550_firmwareapq8017sd865_5gqcs410_firmwarerobotics_rb3sw5100psxr1120qcs610_firmwarewcd9335wcd9370qca8081_firmwaresnapdragon_7c_gen_2_compute_firmwaresnapdragon_670_mobileqca4004qca6696snapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700wcn3610snapdragon_208_firmwaresnapdragon_750g_5g_mobilesnapdragon_780g_5g_mobilesnapdragon_685_4g_mobilevision_intelligence_200_firmwaresnapdragon_x50_5g_modem-rf_firmwaresnapdragon_782g_mobile_firmwaresnapdragon_wear_4100\+_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_auto_4g_modemsnapdragon_665_mobile_firmwaresc8180xp-aaab9205_lte_modemqca6574au_firmwaresnapdragon_690_5g_mobile_firmware9207_lte_modem_firmwarewcd9341sd626_firmwaresnapdragon_wear_1300qca6574ausnapdragon_820_automotive205_mobilesnapdragon_888\+_5g_mobile_firmwaresnapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwarewcd9390csra6640snapdragon_212_mobilemsm8209_firmwaresnapdragon_778g_5g_mobile_firmwaresc8180xp-acafsnapdragon_850_mobile_computewcn3660b_firmwaresd730snapdragon_820_automotive_firmwarefastconnect_6800_firmwareqcs5430snapdragon_690_5g_mobile9207_lte_modemsd835_firmwareqcn6024_firmwaresnapdragon_636_mobile_firmwareqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresnapdragon_712_mobile_firmwareqcm6125_firmwarec-v2x_9150snapdragon_678_mobile_firmwaresnapdragon_425_mobileqcc710snapdragon_1100_wearable_firmwaresnapdragon_xr2_5g_firmwaremdm9615msm8108snapdragon_xr1_firmwaresxr1120_firmwaresnapdragon_x5_lte_modem_firmwaresnapdragon_wear_4100\+315_5g_iot_modem_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwarevideo_collaboration_vc1_platformqfw7114snapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200315_5g_iot_modemqca6310wcd9360qca6335snapdragon_x65_5g_modem-rfqcs4490snapdragon_730_mobilesnapdragon_wear_3100mdm9250snapdragon_680_4g_mobilewsa8845qca6421_firmwareqcm6125snapdragon_212_mobile_firmwaremdm9230sc8180x-adqca6564au_firmwaresd820snapdragon_429_mobile_firmwarewsa8810mdm8207snapdragon_835_mobilesnapdragon_888_5g_mobile_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwaresnapdragon_wear_2500snapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwarewcd9326_firmwaresnapdragon_845_mobile_firmwaremdm9640_firmwarewsa8840mdm9230_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesd835snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6436_firmwarewcd9371_firmwaresnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqts110wcn3910_firmwaresnapdragon_460_mobilesnapdragon_8_gen_2_mobileqca6420qca6174_firmwarewcn3910mdm9205s_firmwarewcd9370_firmwarecsrb31024qca9367mdm9250_firmwaresnapdragon_712_mobilesnapdragon_835_mobile_firmwarewcn3660bqca6574asnapdragon_8\+_gen_2_mobilewcn3620_firmwareqca6174aqca6584_firmwarewcd9340qcm2290snapdragon_1200_wearable_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6335_firmwareqcm6490sm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwaresnapdragon_662_mobileqcn9024vision_intelligence_300_firmwareqca6574215_mobilesd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwaresdx57msmart_audio_400qcn9024_firmwarewsa8845hwcd9326qcs410qcm2290_firmwarevision_intelligence_100snapdragon_630_mobileqca6564asnapdragon_765g_5g_mobile_firmwaresnapdragon_wear_2100_firmwarewsa8830smart_display_200_firmwaresm8550psnapdragon_wear_2100snapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computesc8180x\+sdx55_firmwarear8035msm8996ausnapdragon_208snapdragon_7c_compute_firmwarewcn3620qcm4325qcn6224snapdragon_865\+_5g_mobile_firmwaresnapdragon_x5_lte_modemsnapdragon_429_mobilesc8180x\+sdx55qca6698aqwcn3950_firmwaresm6250mdm9205ssnapdragon_480\+_5g_mobilefastconnect_6200sd670wcn3680bsm7325p_firmwarewcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_210_firmwaresnapdragon_660_mobile_firmwarefastconnect_6700_firmwaresnapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990robotics_rb3_firmwaresnapdragon_x75_5g_modem-rf_firmwaresd670_firmwaresnapdragon_855_mobileqcs6490snapdragon_210snapdragon_695_5g_mobilesc8180xp-acaf_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqcn6224_firmwarevision_intelligence_100_firmwareqca6431wsa8845_firmwaresd660_firmwarewsa8832mdm9330_firmwaresnapdragon_auto_4g_modem_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresc8180xp-aaab_firmwaremdm9630snapdragon_778g\+_5g_mobile205_mobile_firmwareqca6320msm8608_firmwaresd888_firmwaremsm8209wcd9306qca6564auqcs6125_firmwaresnapdragon_1100_wearablesnapdragon_425_mobile_firmwaresnapdragon_wear_1300_firmwaresm6250p_firmwaresc8180xp-adar6003wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareqcm4290sd_455_firmwaremsm8608sg8275p_firmwareqca9377_firmwareqcm6490_firmwaresnapdragon_665_mobilesm7250p_firmwarewcn3680_firmwareqcm4490_firmwarevision_intelligence_400_firmwarewcn3950qcs6125snapdragon_870_5g_mobile_firmwaresnapdragon_730g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobileqca4004_firmwaresnapdragon_778g\+_5g_mobile_firmwareapq8037smart_audio_400_firmwaresnapdragon_870_5g_mobilesd_675_firmwaresmart_audio_200_firmwaresnapdragon_678_mobilesnapdragon_720g_mobilesd_455sm7250pcsrb31024_firmwaresc8180x-acafsm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqca6584ausd888qca6320_firmwareqcn6274_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_675_mobile_firmwaresnapdragon_wear_2500_firmwaresw5100_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwareqca6310_firmwaresnapdragon_845_mobilesd626fastconnect_6800qfw7114_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesnapdragon_865_5g_mobile_firmwarewcd9371mdm9630_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380smart_audio_200snapdragon_xr2_5gsnapdragon_x24_lte_modemmsm8996au_firmwaresnapdragon_1200_wearablesnapdragon_auto_5g_modem-rf_firmwaresc8180x-aaabsc8180x-aaab_firmwaresw5100video_collaboration_vc3_platformaqt1000wcd9306_firmwaresnapdragon_4_gen_1_mobile_firmware215_mobile_firmwarec-v2x_9150_firmwaresd855qca6431_firmwarewcd9330_firmwareqca6174wcn3990_firmware9205_lte_modem_firmwaresm7315snapdragon_660_mobileqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385snapdragon_888\+_5g_mobileqcs2290_firmwaremsm8909w_firmwaresnapdragon_8_gen_1_mobilewcn3615qca9367_firmwaresnapdragon_630_mobile_firmwarewcd9330mdm8207_firmwaresnapdragon_680_4g_mobile_firmwarewcn3680wcn3610_firmwareqcs4290wcd9390_firmwaresnapdragon_865\+_5g_mobilesd820_firmwareqca6430snapdragon_855\+_mobilesg8275psm6250psnapdragon_765_5g_mobilesnapdragon_860_mobilesdx55_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfwcn3615_firmwaresxr21309206_lte_modem_firmwaremsm8108_firmwaresnapdragon_x65_5g_modem-rf_firmwareqcm4490csra6640_firmwaresnapdragon_480\+_5g_mobile_firmwareqca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_x50_5g_modem-rfapq8037_firmwaresnapdragon_670_mobile_firmwareqca6420_firmwareaqt1000_firmwareqcs6490_firmwaresdm429wsd855_firmwarewcd9335_firmwaremdm9640qca6436snapdragon_x70_modem-rfwcn3980_firmwaresnapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqcn6274qfw7124qca6595au_firmwareqcs610sw5100p_firmwareqca6696_firmwareqcs4290_firmwaresnapdragon_430_mobile_firmwarewcd9380_firmwareqca6574_firmwarecsra6620qca8081sd660mdm9628wsa8815sg4150pqca9377mdm9628_firmwaresnapdragon_x75_5g_modem-rfqcm4325_firmwaresnapdragon_439_mobile_firmware9206_lte_modemqca6574a_firmwaresdx55snapdragon_4_gen_1_mobileqcm4290_firmwaresnapdragon_720g_mobile_firmwaresnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwaresd675wcd9375_firmwareqca6391snapdragon_710_mobileqts110_firmwaremdm9615_firmwareqcs5430_firmwaresnapdragon_439_mobilesg4150p_firmwareqca6584csra6620_firmwareqcs8550fastconnect_7800sd865_5g_firmwaresnapdragon_8\+_gen_2_mobile_firmwaresnapdragon_xr1wcd9375vision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwaresnapdragon_430_mobilesnapdragon_636_mobilesd_675snapdragon_8\+_gen_1_mobile_firmwarevision_intelligence_400wsa8835_firmwaresmart_display_200ar6003_firmwarewcn3980qca6584au_firmwaremdm9330msm8909wwcn3680b_firmwaresnapdragon_w5\+_gen_1_wearablesnapdragon_8_gen_1_mobile_firmwareSnapdragonqcm2290_firmwareqca9377_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwaremdm9640_firmwaremsm8996au_firmware315_5g_iot_modem_firmwareqcs2290_firmwareqca6431_firmwaremdm9628_firmwareqcn6224_firmwaremsm8909w_firmwaresd670_firmwaremdm9205s_firmwareqca6420_firmwareqca6595au_firmwareqca6174_firmwaresd730_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcm5430_firmwareqcs6125_firmwareqca6584au_firmwarec-v2x_9150_firmwareqca6310_firmwareqca6430_firmwareqfw7114_firmwarequalcomm_video_collaboration_vc3_platform_firmwaremsm8108_firmwareqca6335_firmwareqcn6024_firmwareqcm4325_firmwareqca6574_firmwareqca6584_firmwareqca6426_firmwaremdm9230_firmwareqca6320_firmwareqca6574a_firmwareqca6574au_firmwarefastconnect_6200_firmwareqca8081_firmwareqca6436_firmwareqca6421_firmware9205_lte_modem_firmwareaqt1000_firmwareqca6564au_firmwarear6003_firmwareqca9367_firmwareqcm8550_firmwareqcm4490_firmwareqcn6274_firmwareqcs4490_firmwarecsrb31024_firmwareqcm6490_firmwarefastconnect_6900_firmwarerobotics_rb3_platform_firmwareqca4004_firmwareqcs8550_firmware9206_lte_modem_firmwarefastconnect_6700_firmwareqca6564a_firmwareapq8017_firmwaresd626_firmwareqcn9024_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcs610_firmwareqca6698aq_firmwaremsm8209_firmwarequalcomm_215_mobile_platform_firmwaresd835_firmwareqca6174a_firmwaremdm9250_firmwareqcs4290_firmwarequalcomm_205_mobile_platform_firmware9207_lte_modem_firmwareqca6696_firmwareqcs6490_firmwaremdm8207_firmwareqcs5430_firmwaresd820_firmwareqca6391_firmwaremsm8608_firmwaresd888_firmwareqcc710_firmwaremdm9330_firmwaresd855_firmwaresd865_5g_firmwaremdm9615_firmwareapq8037_firmwaresd660_firmwarefastconnect_6800_firmwareqcs410_firmwareqfw7124_firmwaremdm9630_firmwarear8035_firmwareqcm6125_firmwareqts110_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2026-44196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.64%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 17:40
Updated-14 May, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pingvin Share X: TOTP Authentication Bypass via Password-only Login

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.

Action-Not Available
Vendor-smp46
Product-pingvin-share-x
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2026-44351
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 14.57%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 19:12
Updated-14 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an empty string (''), for example via the common keys[decoded.header.kid] || '' JWKS-style fallback, fast-jwt converts it to a zero-length Buffer, hands it to crypto.createSecretKey, derives allowedAlgorithms = ['HS256','HS384','HS512'] from it, and then verifies the token's signature against an empty-key HMAC. The attacker simply computes HMAC-SHA256(key='', input='${header}.${payload}'), which Node accepts without complaint — and the verifier returns the attacker-chosen payload (sub, admin, scopes, etc.) as authentic. This vulnerability is fixed in 6.2.4.

Action-Not Available
Vendor-nearform
Product-fast-jwt
CWE ID-CWE-1391
Use of Weak Credentials
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2026-44551
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.46% / 70.39%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 19:59
Updated-19 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: LDAP Empty Password Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user. This vulnerability is fixed in 0.9.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-287
Improper Authentication
CVE-2024-8956
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.1||CRITICAL
EPSS-60.88% / 99.04%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 19:59
Updated-22 Nov, 2025 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-11-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

Action-Not Available
Vendor-PTZOptics
Product-pt30x-sdipt30x-sdi_firmwarept30x-ndi-xx-g2pt30x-ndi-xx-g2_firmwarePT30X-NDIPT30X-SDIpt30x-ndi-xx-g2_firmwarept30x-sdi_firmwarePT30X-SDI/NDI Cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2023-37471
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.02% / 59.22%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 16:53
Updated-24 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details.

Action-Not Available
Vendor-openidentityplatformOpenIdentityPlatform
Product-openamOpenAM
CWE ID-CWE-287
Improper Authentication
CVE-2026-42560
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.42% / 33.52%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 04:15
Updated-11 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a single local identity. Any application that trusts token.User.ID as the stable account key can end up mixing or fully merging unrelated Patreon users, which can lead to cross-account access, privilege confusion, and subscription-state leakage. This issue has been patched in versions 1.25.2 and 2.1.2.

Action-Not Available
Vendor-go-pkgz
Product-auth
CWE ID-CWE-287
Improper Authentication
CVE-2025-21450
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.29% / 20.92%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:49
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in GPS_GNSS

Cryptographic issue occurs due to use of insecure connection method while downloading.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwarewcn6650wsa8845_firmwareqcm8550_firmwarewsa8832sdx61_firmwarewcd9378_firmwaresnapdragon_7c\+_gen_3snapdragon_480_5g_mobilesw5100psm7675pqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcn7880_firmwarewcn7860_firmwaresnapdragon_778g\+_5g_mobilewcd9340_firmwarewcd9395_firmwarewcn7881_firmwareqcn6024snapdragon_x62_5g_modem-rfwcn6450qcc710_firmwaresnapdragon_8\+_gen_1_mobilefastconnect_6700sm4635snapdragon_782g_mobile_firmwarewsa8815_firmwarewsa8832_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfsm6370sm4635_firmwareqcm4490_firmwareqca6574auwcd9390wcn3950snapdragon_888\+_5g_mobile_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_778g_5g_mobile_firmwaresm8650q_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresdx80mqcs5430snapdragon_778g\+_5g_mobile_firmwarewcn7860qcn6024_firmwareqcm5430qcm5430_firmwareqca6584auqcn6274_firmwarewcn6755_firmwareqcc710qcn9011_firmwaresnapdragon_x32_5g_modem-rf_firmwaresw5100_firmwarewcn6650_firmwaresnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sm8635qfw7114sm8635_firmwarewcd9385_firmwarefastconnect_6900_firmwarewcd9380wcd9360sdx61wcn7880snapdragon_x65_5g_modem-rfwcn6755qcs4490wsa8845snapdragon_auto_5g_modem-rf_firmwarewsa8810wcn7881sm6650sw5100snapdragon_888_5g_mobile_firmwareqca6595auvideo_collaboration_vc3_platformsnapdragon_888_5g_mobilesnapdragon_4_gen_1_mobile_firmwaresm6650pwsa8840qca6688aqqcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqca6698auqfw7124_firmwarewcd9385qca6698aq_firmwaresm8750pqcn9012snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresm8635pwcd9390_firmwaresnapdragon_x62_5g_modem-rf_firmwareqep8111_firmwaresg8275pwcd9370_firmwaresdx55_firmwaresm8750_firmwaresnapdragon_auto_5g_modem-rfqca6574asm7635p_firmwaresnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcn7861_firmwareqca6174a_firmwarewcn7861qcm6490sm7325pwcn3988qcm8550qcs6490_firmwaresm6370_firmwaresm6650_firmwareqcn9024wcn3980_firmwareqca6584au_firmwareqcn6274qfw7124snapdragon_w5\+_gen_1_wearablewsa8835qca6595au_firmwarewsa8840_firmwareqca6391_firmwareqca6698au_firmwaresw5100p_firmwareqcn9011qca6696_firmwarewsa8845hqcn9024_firmwarewcd9380_firmwaresm8650qwsa8815qca8081sd_8_gen1_5gwsa8830qca6797aqsnapdragon_x75_5g_modem-rfsm7675_firmwarear8035qca6574a_firmwaresdx55sm7635_firmwaresnapdragon_4_gen_1_mobilesm7635pwcn6450_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwaresnapdragon_7c\+_gen_3_firmwareqca6391qcn6224qcn9012_firmwareqcs5430_firmwareqca6698aqwcn3950_firmwaresm7635snapdragon_x32_5g_modem-rfqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sm7325p_firmwarewcd9360_firmwarewcd9378snapdragon_480_5g_mobile_firmwaresm8635p_firmwareqca6688aq_firmwaresm6650p_firmwaresm8750p_firmwarewcd9375wcn3988_firmwarefastconnect_6700_firmwaresm7675video_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwarewsa8835_firmwaresdx80m_firmwaresnapdragon_x75_5g_modem-rf_firmwarewcn3980qcs6490sm7675p_firmwaresnapdragon_695_5g_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwaresnapdragon_8_gen_3_mobilewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragon
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-40910
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.51%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:09
Updated-29 Apr, 2026 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses credentials from the regular Authorization header. As a result, an attacker who can reach the HTTP vhost entrypoint and knows or can guess the protected routeByHTTPUser value may access a backend protected by httpUser / httpPassword even with an incorrect Proxy-Authorization password. This issue affects deployments that explicitly use routeByHTTPUser. It does not affect ordinary HTTP proxies that do not use this feature. This vulnerability is fixed in 0.68.1.

Action-Not Available
Vendor-fatedierfatedier
Product-frpfrp
CWE ID-CWE-287
Improper Authentication
CVE-2026-36727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 28.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 00:00
Updated-10 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-31123
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.65% / 46.60%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 20:01
Updated-29 Jan, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login`

`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually.

Action-Not Available
Vendor-effectindexeffectindex
Product-tripreportertripreporter
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found