Total: 74 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26635 | 1 Microsoft | 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more | 2026-02-13 | 6.5 Medium |
| Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-27740 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.8 High |
| Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-57713 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 7.5 High |
| A weak authentication vulnerability has been reported to affect File Station 5. Remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later. | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2026-02-10 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2025-63807 | 2 2dogz, Weijiang1994 | 2 Blogin, Blogin | 2026-01-15 | 9.8 Critical |
| An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods. | ||||
| CVE-2025-49201 | 1 Fortinet | 2 Fortipam, Fortiswitchmanager | 2026-01-14 | 7.4 High |
| A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2025-1293 | 1 Hashicorp | 1 Hermes | 2025-12-18 | 8.2 High |
| Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0. | ||||
| CVE-2024-35248 | 1 Microsoft | 3 Dynamics 365 Business Central, Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024 | 2025-12-17 | 7.3 High |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | ||||
| CVE-2024-29837 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | 8.8 High |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. | ||||
| CVE-2024-52541 | 1 Dell | 784 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 781 more | 2025-12-01 | 8.2 High |
| Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2024-0822 | 2 Ovirt, Redhat | 2 Ovirt-engine, Rhev Manager | 2025-11-20 | 7.5 High |
| An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. | ||||
| CVE-2025-12870 | 1 Aenrich | 2 A+hrd, A\+hrd | 2025-11-18 | 9.8 Critical |
| The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges. | ||||
| CVE-2025-12871 | 1 Aenrich | 2 A+hrd, A\+hrd | 2025-11-18 | 9.8 Critical |
| The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. | ||||
| CVE-2025-1387 | 1 Learningdigital | 1 Orca Hcm | 2025-11-17 | 9.8 Critical |
| Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. | ||||
| CVE-2025-11084 | 1 Rockwellautomation | 1 Factorytalk | 2025-11-12 | N/A |
| A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period. | ||||
| CVE-2024-36048 | 2 Fedoraproject, Qt | 3 Fedora, Qt, Qt Network Authorization | 2025-11-04 | 9.8 Critical |
| QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. | ||||
| CVE-2024-29038 | 2 Redhat, Tpm2-tools Project | 2 Enterprise Linux, Tpm2-tools | 2025-11-04 | 4.3 Medium |
| tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. | ||||
| CVE-2025-26343 | 1 Q-free | 1 Maxtime | 2025-10-24 | 8.1 High |
| A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests. | ||||
| CVE-2024-45551 | 1 Qualcomm | 484 Aqt1000, Aqt1000 Firmware, Ar8035 and 481 more | 2025-10-06 | 6.2 Medium |
| Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | ||||
| CVE-2024-6580 | 1 Nsoftware | 1 Ipworks Ssh | 2025-09-26 | 6.5 Medium |
| The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates. | ||||