The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
78 vulnerabilities with CWE-303
CVE-2025-21311
CRITICAL
Windows NTLM < - Privilege Escalation
CVSS 9.8
CVE-2024-8314
MEDIUM
B&R APROL <4.4-00P5 - Privilege Escalation
CVE-2024-56128
MEDIUM
Apache Kafka - Auth Bypass
CVSS 5.3
CVE-2024-52586
MEDIUM
eLabFTW <5.1.0 - Auth Bypass
CVSS 5.4
CVE-2024-10127
CRITICAL
M-Files <24.11 - Auth Bypass
CVSS 9.8
CVE-2024-9999
MEDIUM
WS_FTP Server <8.8.9 - Auth Bypass
CVSS 6.5
CVE-2024-36250
LOW
Mattermost <9.11.3-9.5.11 - Info Disclosure
CVSS 3.1
CVE-2024-10214
LOW
Mattermost <9.11.2-9.5.10 - Info Disclosure
CVSS 3.5
CVE-2024-8642
HIGH
Eclipse Dataspace Components <0.9.0 - Auth Bypass
CVSS 8.1
CVE-2024-25157
MEDIUM
GoAnywhere MFT <7.6.0 - Auth Bypass
CVSS 6.5
CVE-2024-7593
CRITICAL
KEV
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVSS 9.8
CVE-2024-41829
LOW
Jetbrains Teamcity < 2024.07 - Authentication Bypass
CVSS 3.5
CVE-2024-34722
HIGH
Google Android - Authentication Bypass
CVSS 8.8
CVE-2024-5658
MEDIUM
CraftCMS - Info Disclosure
CVSS 4.8
CVE-2024-4332
CRITICAL
Tripwire Enterprise 9.1.0 - Auth Bypass
CVE-2024-4985
CRITICAL
GitHub Enterprise Server - Auth Bypass
CVSS 9.8
CVE-2024-35190
MEDIUM
Asterisk <18.23.0 - Info Disclosure
CVSS 5.8
CVE-2024-32879
MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
CVSS 4.9
CVE-2024-26248
HIGH
Windows Kerberos - Privilege Escalation
CVSS 7.5
CVE-2024-3046
HIGH
Eclipse Kura < 5.4.1 - Privilege Escalation
CVSS 7.5
CVE-2023-4860
CRITICAL
Google Chrome <115.0.5790.98 - Sandbox Escape
CVSS 9.6
CVE-2023-44420
HIGH
Dlink Dir-x3260 Firmware < 1.04b01 - Authentication Bypass
CVSS 8.8
CVE-2023-34282
HIGH
Dlink Dir-2150 Firmware < 1.06 - Authentication Bypass
CVSS 8.8
CVE-2023-34274
HIGH
Dlink Dir-2150 Firmware < 1.06 - Authentication Bypass
CVSS 8.8
CVE-2023-32152
MEDIUM
Dlink Dir-2640 Firmware - Authentication Bypass
CVSS 6.5