Total: 56 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50173 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-11-04 | 7.8 High |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-36048 | 2 Fedoraproject, Qt | 3 Fedora, Qt, Qt Network Authorization | 2025-11-04 | 9.8 Critical |
| QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. | ||||
| CVE-2025-59249 | 1 Microsoft | 5 Exchange, Exchange Server, Exchange Server 2016 and 2 more | 2025-11-04 | 8.8 High |
| Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-29038 | 2 Redhat, Tpm2-tools Project | 2 Enterprise Linux, Tpm2-tools | 2025-11-04 | 4.3 Medium |
| tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. | ||||
| CVE-2025-30468 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-11-04 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2025-26343 | 1 Q-free | 1 Maxtime | 2025-10-24 | 8.1 High |
| A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests. | ||||
| CVE-2025-49201 | 1 Fortinet | 2 Fortipam, Fortiswitchmanager | 2025-10-15 | 7.4 High |
| A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2025-10-14 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-0822 | 2 Ovirt, Redhat | 2 Ovirt-engine, Rhev Manager | 2025-10-09 | 7.5 High |
| An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. | ||||
| CVE-2024-45551 | 1 Qualcomm | 484 Aqt1000, Aqt1000 Firmware, Ar8035 and 481 more | 2025-10-06 | 6.2 Medium |
| Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | ||||
| CVE-2024-6580 | 1 Nsoftware | 1 Ipworks Ssh | 2025-09-26 | 6.5 Medium |
| The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading an SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates. | ||||
| CVE-2024-50563 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-09-24 | 6.7 Medium |
| A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-08-23 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47479 | 2 Wordpress, Wpcompress | 2 Wordpress, Wp Compress | 2025-08-14 | 5.3 Medium |
| Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30. | ||||
| CVE-2025-7326 | 1 Microsoft | 1 Aspnetcore | 2025-07-22 | 7 High |
| Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | ||||
| CVE-2023-41862 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0. | ||||
| CVE-2024-32119 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 4.6 Medium |
| An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. | ||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2025-07-16 | 7.3 High |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | ||||
| CVE-2025-1727 | | | 2025-07-15 | 8.1 High |
| The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software-defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems. | ||||
| CVE-2025-39596 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8. | ||||