Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1390

CWE-1390

Weak Authentication

Parent: CWE-287 - Improper Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

81 vulnerabilities with CWE-1390

CVE-2024-54092 CRITICAL

Industrial Edge Device Kit - arm64/x86-64 <1.20.2-1/<1.21.1-1 - Inf...

CVE-2024-45551 MEDIUM

Qualcomm FastConnect and Flight/QAM Firmware - Weak Authentication via Gatekeeper PIN Verification

CVE-2024-52541 HIGH

Dell Client Platform BIOS - Privilege Escalation

CVE-2024-50563 HIGH

Fortinet FortiManager/FortiAnalyzer <7.6.1/7.4.3 - RCE

CVE-2024-48886 CRITICAL

Fortinet FortiOS/FortiProxy/FortiManager/FortiAnalyzer Cloud Weak Authentication Brute-Force

CVE-2024-13239 CRITICAL

Drupal Two-factor Authentication < 8.x-1.5 - Weak Authentication

CVE-2024-47397 HIGH

FXC Inc. AE1021 and AE1021PE <= 2.0.10 - Weak Authentication Bypass via Undocumented String

CVE-2024-49019 HIGH

Active Directory Certificate Services - Privilege Escalation

CVE-2024-45367 CRITICAL

ONS-S8 - Spectra Aggregation Switch - Auth Bypass

CVE-2024-47127 MEDIUM

goTenna Pro < 1.6.1 and < 2.0.3 - Unauthenticated Message Injection via Software Defined Radio

CVE-2024-41722 MEDIUM

goTenna Pro ATAK Plugin - Code Injection

CVE-2024-8322 MEDIUM

Ivanti EPM <2022 SU6-2024 September - Auth Bypass

CVE-2024-38239 HIGH

Windows Kerberos - Privilege Escalation

CVE-2024-38182 CRITICAL

Microsoft Dynamics 365 - Privilege Escalation

CVE-2024-6580 MEDIUM

IPWorks SSH <24.0.8945 - Path Traversal

CVE-2024-39848 CRITICAL

Internet2 Grouper <5.6 - Auth Bypass

CVE-2024-29038 MEDIUM

tpm2-tools 4.1-5.5.1 - Weak Authentication via Arbitrary Quote Data

CVE-2024-34451 CRITICAL

Ghost < 5.85.1 - Authentication Rate-Limit Bypass via X-Forwarded-For Header Manipulation

CVE-2024-5891 MEDIUM

Quay - Weak Authentication via OAuth Token

CVE-2024-35248 HIGH

Microsoft Dynamics 365 Business Central - Elevation of Privilege via Weak Authentication

CVE-2024-36787 HIGH

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 - Auth Bypass

CVE-2024-29837 HIGH

Evolution Controller <2.04.560.31.03.2024 - Info Disclosure

CVE-2024-0822 HIGH

ovirt-engine - Unauthenticated User Creation via CreateUserSession Command

CVE-2023-53894 CRITICAL

phpfm 1.7.9 - Auth Bypass

CVE-2023-41862 MEDIUM

Guido VS Contact Form <14.0 - Auth Bypass

Previous Page 3 of 4 Next

Details

Vulnerabilities 81

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy