Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1390

CWE-1390

Weak Authentication

Parent: CWE-287 - Improper Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

81 vulnerabilities with CWE-1390

CVE-2025-11084 HIGH

DataMosaix Private Cloud - Auth Bypass

CVE-2025-59249 HIGH

Microsoft Exchange Server - Privilege Escalation

CVE-2025-49201 HIGH

Fortinet FortiPAM 1.0.0-1.4.2 and FortiSwitchManager 7.2.0-7.2.4 - Weak Authentication

CVE-2025-30468 MEDIUM

iPadOS < 26.0 - Unauthenticated Private Browsing Tab Access

CVE-2025-50173 HIGH

Windows Installer - Privilege Escalation

CVE-2025-47995 MEDIUM

Azure Machine Learning - Privilege Escalation

CVE-2025-1727 HIGH

End-of-Train/Head-of-Train Protocol - Unauthenticated Brake Command Injection via RF Spoofing

CVE-2025-7326 HIGH

ASP.NET Core - Privilege Escalation

CVE-2025-47479 MEDIUM

AresIT WP Compress <6.30.30 - Auth Bypass

CVE-2025-5484 HIGH

SinoTrack IOT PC Platform - Weak Authentication via Default Credentials

CVE-2025-0605 MEDIUM

GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass

CVE-2025-32885 MEDIUM

goTenna v1 <5.5.3-0.25.5 - Code Injection

CVE-2025-39596 CRITICAL

Quentn WP <1.2.8 - Privilege Escalation

CVE-2025-27740 HIGH

Windows Active Directory Certificate Services - Privilege Escalation

CVE-2025-26635 MEDIUM

Windows 10/11, Server 2019/2022 - Weak Authentication in Windows Hello

CVE-2025-29991 LOW

Yubico YubiKey 5.4.1-5.7.3 - Info Disclosure

CVE-2025-31676 HIGH

Drupal Email TFA <2.0.3 - Auth Bypass

CVE-2025-29994 HIGH

CAP back office application < 2.0.4 - Unauthenticated Weak Authentication via API Endpoint

CVE-2025-24070 HIGH

ASP.NET Core & Visual Studio - Privilege Escalation

CVE-2025-1293 HIGH

Hermes < 0.5.0 - Authentication Bypass via Improper AWS ALB JWT Validation

CVE-2025-1387 CRITICAL

Orca HCM < 11.0 - Unauthenticated Weak Authentication

CVE-2025-26343 HIGH

Q-Free MaxTime <= 2.11.0 - Auth Bypass

CVE-2025-23058 HIGH

ClearPass Policy Manager - Privilege Escalation

CVE-2025-21552 MEDIUM

Oracle JD Edwards <9.2.9.2 - Unauthorized Access

CVE-2024-32119 MEDIUM

Fortinet FortiClientEMS <7.2.4 - Auth Bypass

Previous Page 2 of 4 Next

Details

Vulnerabilities 81

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy