Total: 48 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32885 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 6.5 MEDIUM |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. | |||||
| CVE-2025-5484 | | | 2025-06-16 | N/A | 8.3 HIGH |
| A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. | |||||
| CVE-2024-13239 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2025-06-04 | N/A | 9.8 CRITICAL |
| Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | |||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-04 | N/A | 8.8 HIGH |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
| CVE-2024-36787 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | |||||
| CVE-2025-0605 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.6 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | |||||
| CVE-2025-39596 | | | 2025-04-17 | N/A | 9.8 CRITICAL |
| Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8. | |||||
| CVE-2025-29991 | | | 2025-04-07 | N/A | 2.2 LOW |
| Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification. | |||||
| CVE-2025-23058 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-28 | N/A | 8.8 HIGH |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. | |||||
| CVE-2024-39848 | | | 2025-03-27 | N/A | 9.1 CRITICAL |
| Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1. | |||||
| CVE-2025-29994 | | | 2025-03-13 | N/A | N/A |
| This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts. | |||||
| CVE-2025-1293 | | | 2025-02-20 | N/A | 8.2 HIGH |
| Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0. | |||||
| CVE-2024-52541 | | | 2025-02-19 | N/A | 8.2 HIGH |
| Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2025-1387 | | | 2025-02-17 | N/A | 9.8 CRITICAL |
| Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. | |||||
| CVE-2024-48886 | 1 Fortinet | 6 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 3 more | 2025-02-03 | N/A | 9.0 CRITICAL |
| A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack. | |||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2025-01-08 | N/A | 9.0 CRITICAL |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-47397 | | | 2024-12-18 | N/A | 7.5 HIGH |
| Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string. | |||||
| CVE-2023-41862 | | | 2024-12-13 | N/A | 5.3 MEDIUM |
| Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0. | |||||
| CVE-2024-5891 | 1 Redhat | 1 Quay | 2024-11-21 | N/A | 4.2 MEDIUM |
| A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to. | |||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
