CWE-303

Incorrect Implementation of Authentication Algorithm

Parent: CWE-1390 - Weak Authentication

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

75 vulnerabilities with CWE-303
CVE-2026-28446 CRITICAL
OpenClaw <2026.2.1 - Auth Bypass
CVSS 9.4
CVE-2019-25436 MEDIUM
Sricam DeviceViewer 3.12.0.1 - Auth Bypass
CVSS 6.5
CVE-2026-0999 MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
CVSS 5.4
CVE-2025-14510 HIGH
ABB Ability OPTIMAX <6.3.1-251120, <6.4.1-251120 - Incorrect Implem...
CVSS 8.1
CVE-2025-4676 HIGH
ABB WebPro SNMP Card PowerValue <1.1.8.K - Auth Bypass
CVSS 8.8
CVE-2025-14273 HIGH
Mattermost <11.1.0, 10.12.3, 10.11.7 - Auth Bypass
CVSS 7.2
CVE-2025-66489 CRITICAL
Cal.com <5.9.8 - Auth Bypass
CVSS 9.8
CVE-2025-13390 CRITICAL
Wpdirectorykit WP Directory Kit < 1.4.4 - Authentication Bypass
CVSS 10.0
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
CVSS 9.9
CVE-2025-12419 CRITICAL
Mattermost <10.12.1, 10.11.4, 10.5.12, 11.0.3 - Open Redirect
CVSS 9.9
CVE-2025-63210 CRITICAL
Newtec Celox UHD - Auth Bypass
CVSS 9.8
CVE-2025-53782 HIGH
Microsoft Exchange Server - Privilege Escalation
CVSS 8.4
CVE-2025-61783
Python Social Auth <5.6.0 - Info Disclosure
CVE-2025-43727 HIGH
Dell PowerProtect Data Domain - Auth Bypass
CVSS 7.5
CVE-2025-57808 HIGH
ESPHome <2025.8.0 - Auth Bypass
CVSS 8.1
CVE-2025-8881 MEDIUM
Google Chrome < 139.0.7258.127 - Origin Validation Error
CVSS 6.5
CVE-2025-43856
immich <1.132.0 - Auth Bypass
CVE-2025-44557 HIGH
Cypress PSoC4 <3.66 - Auth Bypass
CVSS 8.1
CVE-2025-48994
SignXML <4.0.4 - Algorithm Confusion
CVE-2025-3230 MEDIUM
Mattermost <10.7.0-10.6.2-10.5.3-9.11.12 - Info Disclosure
CVSS 5.4
CVE-2025-2571 MEDIUM
Mattermost <10.7.0-10.5.3-9.11.12 - Auth Bypass
CVSS 4.2
CVE-2025-2475 MEDIUM
Mattermost <10.5.1-10.4.3-9.11.9 - Info Disclosure
CVSS 5.4
CVE-2024-8314
B&R APROL <4.4-00P5 - Privilege Escalation
CVE-2025-23046 HIGH
GLPI <10.0.18 - Auth Bypass
CVSS 7.5
CVE-2025-21311 CRITICAL
Windows NTLM < - Privilege Escalation
CVSS 9.8