Total: 70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29038 | 1 Tpm2-tools Project | 1 Tpm2-tools | 2025-11-04 | N/A | 4.3 MEDIUM |
| tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. | |||||
| CVE-2025-30468 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-03 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2025-59249 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | N/A | 8.8 HIGH |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26343 | 1 Q-free | 1 Maxtime | 2025-10-24 | N/A | 8.1 HIGH |
| A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests. | |||||
| CVE-2024-45551 | 1 Qualcomm | 484 Aqt1000, Aqt1000 Firmware, Ar8035 and 481 more | 2025-10-06 | N/A | 6.2 MEDIUM |
| Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | |||||
| CVE-2024-6580 | 1 Nsoftware | 1 Ipworks Ssh | 2025-09-26 | N/A | 6.5 MEDIUM |
| The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading an SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates. | |||||
| CVE-2024-50563 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-09-24 | N/A | 7.3 HIGH |
| A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack. | |||||
| CVE-2025-50173 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.8 HIGH |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-14 | N/A | 6.5 MEDIUM |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-32119 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | N/A | 4.8 MEDIUM |
| An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. | |||||
| CVE-2025-27740 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-10 | N/A | 8.8 HIGH |
| Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26635 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-07-03 | N/A | 6.5 MEDIUM |
| Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-24070 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2025-07-02 | N/A | 7.0 HIGH |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-21552 | 1 Oracle | 1 Jd Edwards Enterpriseone Orchestrator | 2025-06-23 | N/A | 6.5 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2024-34451 | 1 Ghost | 1 Ghost | 2025-06-20 | N/A | 9.1 CRITICAL |
| Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers. | |||||
| CVE-2025-32885 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | N/A | 6.5 MEDIUM |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. | |||||
| CVE-2024-13239 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2025-06-04 | N/A | 9.8 CRITICAL |
| Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | |||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-04 | N/A | 8.8 HIGH |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
| CVE-2024-36787 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | |||||
| CVE-2025-0605 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.6 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | |||||
