Total: 74 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47479 | 2 Wordpress, Wpcompress | 2 Wordpress, Wp Compress | 2026-04-01 | 9.8 Critical |
| Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse. This issue affects WP Compress: from n/a through <= 6.30.30. | ||||
| CVE-2026-32497 | 2 Pickplugins, Wordpress | 2 User Verification, Wordpress | 2026-03-30 | 5.3 Medium |
| Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse. This issue affects User Verification: from n/a through <= 2.0.45. | ||||
| CVE-2026-27478 | 1 Unitycatalog | 1 Unitycatalog | 2026-03-23 | 9.1 Critical |
| Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider. | ||||
| CVE-2025-15595 | 2 Jrsoftware, Mlsoft | 2 Inno Setup, Inno Setup | 2026-03-13 | 7.8 High |
| Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions. | ||||
| CVE-2025-30412 | 3 Acronis, Linux, Microsoft | 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more | 2026-03-12 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-30411 | 3 Acronis, Linux, Microsoft | 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more | 2026-03-12 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-40552 | 1 Solarwinds | 1 Web Help Desk | 2026-02-27 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2026-02-26 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-50173 | 2 Microsoft, Multimedia | 28 Windows, Windows 10 1507, Windows 10 1607 and 25 more | 2026-02-26 | 7.8 High |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59249 | 1 Microsoft | 6 Exchange, Exchange Server, Exchange Server 2016 and 3 more | 2026-02-26 | 8.8 High |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-40554 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | ||||
| CVE-2025-24070 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more | 2026-02-13 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-26635 | 1 Microsoft | 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more | 2026-02-13 | 6.5 Medium |
| Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-27740 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-13 | 8.8 High |
| Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-57713 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 7.5 High |
| A weak authentication vulnerability has been reported to affect File Station 5. Remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later. | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2026-02-10 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2025-63807 | 2 2dogz, Weijiang1994 | 2 Blogin, Blogin | 2026-01-15 | 9.8 Critical |
| An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods. | ||||
| CVE-2025-49201 | 1 Fortinet | 2 Fortipam, Fortiswitchmanager | 2026-01-14 | 7.4 High |
| A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2025-1293 | 1 Hashicorp | 1 Hermes | 2025-12-18 | 8.2 High |
| Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0. | ||||
| CVE-2024-35248 | 1 Microsoft | 3 Dynamics 365 Business Central, Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024 | 2025-12-17 | 7.3 High |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | ||||