Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1390

CWE-1390

Weak Authentication

Parent: CWE-287 - Improper Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

81 vulnerabilities with CWE-1390

CVE-2026-0274 HIGH

Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

CVE-2026-6274 CRITICAL

Authentication Bypass in DTS Electronics' Redline WR3200

CVE-2026-44237 HIGH

FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

CVE-2026-49323 MEDIUM

Indian Scout Bobber 2025 WCM-to-ECM weak authentication

CVE-2026-49322 MEDIUM

Indian Scout Bobber 2025 WCM - Weak PIN Authentication

CVE-2026-40417 HIGH

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVE-2026-0204 HIGH

SonicWall SonicOS <=6.5.5.1-6n - Auth Bypass

CVE-2026-6886 CRITICAL

BorG Technology Corporation｜Borg SPM 2007 - Authentication Bypass

CVE-2026-4924 HIGH

Devolutions Server <=2026.1.11 - Auth Bypass

CVE-2026-4828 HIGH

Devolutions Server <=2026.1.11 - Auth Bypass

CVE-2026-32497 MEDIUM

WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability

CVE-2026-27478 CRITICAL

Unity Catalog <=0.4.0 - Auth Bypass

CVE-2026-28710 CRITICAL

Acronis Cyber Protect 17 - Info Disclosure

CVE-2026-1693 HIGH

PcVue 12.0.0-16.3.3 - Credential Theft via Obsolete OAuth ROPC Flow

CVE-2025-70994 HIGH

Yadea T5 Electric Bicycles 2024 - Auth Bypass

CVE-2025-62844 MEDIUM

QNAP QuRouter < 2.6.2.007 - Weak Authentication Information Disclosure

CVE-2025-15595 HIGH

Inno Setup <=6.2.1 - Privilege Escalation

CVE-2025-30412 CRITICAL

Acronis Cyber Protect - Info Disclosure

CVE-2025-30411 CRITICAL

Acronis Cyber Protect - Info Disclosure

CVE-2025-57713 HIGH

File Station 5 <5.5.6.5166 - Info Disclosure

CVE-2025-40554 CRITICAL

SolarWinds Web Help Desk < 2026.1 - Authentication Bypass

CVE-2025-40552 CRITICAL

SolarWinds Web Help Desk < 2026.1 - Authentication Bypass

CVE-2025-63807 CRITICAL

University-BBS <9e06bab430bfc729f27b4284ba7570db3b11ce84 - Auth Bypass

CVE-2025-12871 CRITICAL

aenrich a+HRD < 7.5 - Unauthenticated Authentication Abuse via Crafted Administrator Token

CVE-2025-12870 CRITICAL

a+HRD < 7.5 - Unauthenticated Authentication Abuse via Crafted Packets

Page 1 of 4 Next

Details

Vulnerabilities 81

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy