The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
75 vulnerabilities with CWE-1390
CVE-2025-1727 (HIGH, CVSS 8.1): FRED - DoS
CVE-2025-7326 (HIGH, CVSS 7.0): ASP.NET Core - Privilege Escalation
CVE-2025-47479 (MEDIUM, CVSS 5.3): AresIT WP Compress <6.30.30 - Auth Bypass
CVE-2025-5484 (HIGH, CVSS 8.3): SinoTrack - Auth Bypass
CVE-2025-0605 (MEDIUM, CVSS 4.6): GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass
CVE-2025-32885 (MEDIUM, CVSS 6.5): goTenna v1 <5.5.3-0.25.5 - Code Injection
CVE-2025-39596 (CRITICAL, CVSS 9.8): Quentn WP <1.2.8 - Privilege Escalation
CVE-2025-27740 (HIGH, CVSS 8.8): Windows Active Directory Certificate Services - Privilege Escalation
CVE-2025-26635 (MEDIUM, CVSS 6.5): Windows Hello < - Auth Bypass
CVE-2025-29991 (LOW, CVSS 2.2): Yubico YubiKey 5.4.1-5.7.3 - Info Disclosure
CVE-2025-31676 (HIGH, CVSS 8.8): Drupal Email TFA <2.0.3 - Auth Bypass
CVE-2025-29994 (HIGH): CAP Back Office - Auth Bypass
CVE-2025-24070 (HIGH, CVSS 7.0): ASP.NET Core & Visual Studio - Privilege Escalation
CVE-2025-1293 (HIGH, CVSS 8.2): Hashicorp Hermes < 0.5.0 - Authentication Bypass
CVE-2025-1387 (CRITICAL, CVSS 9.8): Orca HCM - Auth Bypass
CVE-2025-26343 (HIGH, CVSS 8.1): Q-Free MaxTime <= 2.11.0 - Auth Bypass
CVE-2025-23058 (HIGH, CVSS 8.8): ClearPass Policy Manager - Privilege Escalation
CVE-2025-21552 (MEDIUM, CVSS 6.5): Oracle JD Edwards <9.2.9.2 - Unauthorized Access
CVE-2024-32119 (MEDIUM, CVSS 4.8): Fortinet FortiClientEMS <7.2.4 - Auth Bypass
CVE-2024-54092 (CRITICAL, CVSS 9.8): Industrial Edge Device Kit - arm64/x86-64 <1.20.2-1/<1.21.1-1 - Inf...
CVE-2024-45551 (MEDIUM, CVSS 6.2): Gatekeeper - Privilege Escalation
CVE-2024-52541 (HIGH, CVSS 8.2): Dell Client Platform BIOS - Privilege Escalation
CVE-2024-50563 (HIGH, CVSS 7.3): Fortinet FortiManager/FortiAnalyzer <7.6.1/7.4.3 - RCE
CVE-2024-48886 (CRITICAL, CVSS 9.0): Fortinet FortiOS <7.4.15 - RCE
CVE-2024-13239 (CRITICAL, CVSS 9.8): Drupal TFA <1.5.0 - Auth Bypass