Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28710 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2026-06-17 | N/A | 9.8 CRITICAL |
| Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||||
| CVE-2026-1693 | 1 Arcinformatique | 1 Pcvue | 2026-06-17 | N/A | 7.5 HIGH |
| The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials. | |||||
| CVE-2025-7326 | | | 2026-06-17 | N/A | 7.0 HIGH |
| Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | |||||
| CVE-2025-63807 | 1 2dogz | 1 Blogin | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods. | |||||
| CVE-2025-5484 | | | 2026-06-17 | N/A | 8.3 HIGH |
| A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. | |||||
| CVE-2025-59249 | 1 Microsoft | 2 Exchange Server, Exchange Server Subscription Edition | 2026-06-17 | N/A | 8.8 HIGH |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-57713 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 7.5 HIGH |
| A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later | |||||
| CVE-2025-50173 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.8 HIGH |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49201 | 1 Fortinet | 2 Fortipam, Fortiswitchmanager | 2026-06-17 | N/A | 8.1 HIGH |
| A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2026-06-17 | N/A | 6.5 MEDIUM |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-47479 | 1 Wpcompress | 1 Wp Compress | 2026-06-17 | N/A | 5.3 MEDIUM |
| Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse. This issue affects WP Compress: from n/a through <= 6.30.30. | |||||
| CVE-2025-40554 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | |||||
| CVE-2025-40552 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | |||||
| CVE-2025-39596 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8. | |||||
| CVE-2025-32885 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. | |||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2026-06-17 | N/A | 8.8 HIGH |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
| CVE-2025-30468 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-17 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2025-30412 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | |||||
| CVE-2025-30411 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | |||||
| CVE-2025-29994 | | | 2026-06-17 | N/A | N/A |
| This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts. | |||||
