Vulnerabilities (CVE)

Filtered by CWE-287
Total 4201 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40723 1 Pingidentity 3 Pingfederate, Pingid Integration Kit, Radius Pcv 2026-06-17 N/A 6.5 MEDIUM
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
CVE-2022-40703 1 Alivecor 1 Kardia 2026-06-17 N/A 5.2 MEDIUM
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
CVE-2022-40684 1 Fortinet 3 Fortios, Fortiproxy, Fortiswitchmanager 2026-06-17 N/A 9.8 CRITICAL
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE-2022-40664 1 Apache 1 Shiro 2026-06-17 N/A 9.8 CRITICAL
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
CVE-2022-40622 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2026-06-17 N/A 8.8 HIGH
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
CVE-2022-40616 1 Ibm 1 Maximo Asset Management 2026-06-17 N/A 8.1 HIGH
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
CVE-2022-40536 1 Qualcomm 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more 2026-06-17 N/A 7.5 HIGH
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.
CVE-2022-40521 1 Qualcomm 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more 2026-06-17 N/A 7.5 HIGH
Transient DOS due to improper authorization in Modem
CVE-2022-40494 1 Ehang-io 1 Nps 2026-06-17 N/A 9.8 CRITICAL
NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters.
CVE-2022-40259 1 Ami 1 Megarac Sp-x 2026-06-17 N/A 8.3 HIGH
MegaRAC Default Credentials Vulnerability
CVE-2022-40242 1 Ami 1 Megarac Sp-x 2026-06-17 N/A 7.5 HIGH
MegaRAC Default Credentials Vulnerability
CVE-2022-40144 2 Microsoft, Trendmicro 2 Windows, Apex One 2026-06-17 N/A 9.8 CRITICAL
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.
CVE-2022-3875 1 Clickstudios 1 Passwordstate 2026-06-17 N/A 7.3 HIGH
A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244.
CVE-2022-3681 1 Motorola 1 Mr2600 2026-06-17 N/A 6.5 MEDIUM
A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.
CVE-2022-3477 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project 3 Newsmag, Newspaper, Tagdiv Composer 2026-06-17 N/A 9.8 CRITICAL
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
CVE-2022-3465 1 Mediabridgeproducts 2 Mlwr-ac1200r, Mlwr-ac1200r Firmware 2026-06-17 N/A 7.3 HIGH
A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.
CVE-2022-3218 1 Necta 1 Wifi Mouse Server 2026-06-17 N/A 9.8 CRITICAL
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVE-2022-3173 1 Snipeitapp 1 Snipe-it 2026-06-17 N/A 4.3 MEDIUM
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3156 1 Rockwellautomation 1 Studio 5000 Logix Emulate 2026-06-17 N/A 7.8 HIGH
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.  Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
CVE-2022-3152 1 Php-fusion 1 Phpfusion 2026-06-17 N/A 8.8 HIGH
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.