Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12802 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name. | |||||
| CVE-2023-41920 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in. | |||||
| CVE-2023-4939 | 1 Salesmanago | 1 Salesmanago | 2026-04-08 | N/A | 5.3 MEDIUM |
| The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences. | |||||
| CVE-2026-33496 | 1 Ory | 1 Oathkeeper | 2026-04-07 | N/A | 8.1 HIGH |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators. | |||||
| CVE-2026-3047 | 1 Redhat | 2 Build Of Keycloak, Keycloak | 2026-03-26 | N/A | 8.8 HIGH |
| A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions. | |||||
| CVE-2026-30849 | 1 Mantisbt | 1 Mantisbt | 2026-03-25 | N/A | 9.8 CRITICAL |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name. | |||||
| CVE-2026-32730 | 1 Apostrophecms | 1 Apostrophecms | 2026-03-24 | N/A | 8.1 HIGH |
| ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA requirements were NOT — to be used as fully authenticated bearer tokens. This completely bypasses multi-factor authentication for any ApostropheCMS deployment using `@apostrophecms/login-totp` or any custom `afterPasswordVerified` login requirement. Version 4.28.0 fixes the issue. | |||||
| CVE-2024-7557 | 1 Redhat | 2 Openshift Ai, Openshift Data Science | 2026-03-19 | N/A | 8.8 HIGH |
| A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | |||||
| CVE-2025-31703 | 2026-03-18 | N/A | N/A | ||
| A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges. | |||||
| CVE-2026-1965 | 1 Haxx | 1 Curl | 2026-03-12 | N/A | 6.5 MEDIUM |
| libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API). | |||||
| CVE-2026-0869 | 1 Broadcom | 1 Brocade Active Support Connectivity Gateway | 2026-03-09 | N/A | 8.8 HIGH |
| Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric. | |||||
| CVE-2026-28536 | 1 Huawei | 1 Harmonyos | 2026-03-06 | N/A | 9.6 CRITICAL |
| Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2026-1713 | 1 Ibm | 1 Mq | 2026-03-05 | N/A | 5.0 MEDIUM |
| IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | |||||
| CVE-2025-68435 | 1 Nicotsx | 1 Zerobyte | 2026-03-05 | N/A | 9.1 CRITICAL |
| Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This is dangerous for those who have exposed Zerobyte to be used outside of their internal network. A fix has been applied in both version 0.19.0 and 0.18.5. If immediate upgrade is not possible, restrict network access to the Zerobyte instance to trusted networks only using firewall rules or network segmentation. This is only a temporary mitigation; upgrading is strongly recommended. | |||||
| CVE-2026-22153 | 1 Fortinet | 1 Fortios | 2026-02-12 | N/A | 8.1 HIGH |
| An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. | |||||
| CVE-2025-58382 | 1 Broadcom | 1 Fabric Operating System | 2026-02-06 | N/A | 7.2 HIGH |
| A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command. | |||||
| CVE-2025-59980 | 1 Juniper | 1 Junos | 2026-01-23 | N/A | 6.5 MEDIUM |
| An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2. | |||||
| CVE-2024-20378 | 1 Cisco | 30 Ip Phone 6821, Ip Phone 6821 With Multiplatform Firmware, Ip Phone 6841 and 27 more | 2026-01-05 | N/A | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed. | |||||
| CVE-2025-13915 | 1 Ibm | 1 Api Connect | 2025-12-31 | N/A | 9.8 CRITICAL |
| IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | |||||
| CVE-2024-10394 | 1 Openafs | 1 Openafs | 2025-12-23 | N/A | 7.8 HIGH |
| A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. | |||||