VYPR

CWE-1390

Weak Authentication

Abstraction: Class. Status: Incomplete.

Description

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
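The weakness is easiest to see as a check that stops short of proving the claim. The following added example, which is not code from any product listed on this page, models two of the patterns the entries below describe in a hypothetical in-memory service: a token endpoint that accepts any request naming a known client_id without ever comparing the client secret, and a login that treats a session as authenticated once the password is right, before the second factor has completed. Client names, user names and secrets are constructed for the example; the hardened variants sit beside the weak ones.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000


def hash_secret(secret: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


def check_secret(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate against the stored digest."""
    _, cand = hash_secret(candidate, salt)
    return hmac.compare_digest(cand, digest)


# Constructed registries for the example (hypothetical names, not real credentials).
CLIENTS: Dict[str, Tuple[bytes, bytes]] = {"mobile-app": hash_secret("client-secret-1")}
USERS: Dict[str, Tuple[bytes, bytes]] = {"alice": hash_secret("correct horse battery")}


# Pattern 1 (weak): token issuance that only proves a client_id exists.
def issue_token_weak(client_id: str, client_secret: str) -> Optional[str]:
    if client_id in CLIENTS:  # client_secret is received but never compared
        return secrets.token_urlsafe(24)
    return None


# Pattern 1 (hardened): the secret must verify before any token is minted.
def issue_token(client_id: str, client_secret: str) -> Optional[str]:
    stored = CLIENTS.get(client_id)
    if stored is None or not check_secret(client_secret, *stored):
        return None
    return secrets.token_urlsafe(24)


# Pattern 2: a session that records which factors have actually completed.
@dataclass
class Session:
    user: str
    password_ok: bool = False
    mfa_ok: bool = False
    mfa_required: bool = True


def start_login(user: str, password: str) -> Optional[Session]:
    """First factor: returns a session only if the password verifies."""
    stored = USERS.get(user)
    if stored is None or not check_secret(password, *stored):
        return None
    return Session(user=user, password_ok=True)


def finish_mfa(session: Session, code: str, expected: str) -> None:
    """Second factor: marks the session complete only on a matching code."""
    if hmac.compare_digest(code, expected):
        session.mfa_ok = True


def is_authenticated_weak(session: Session) -> bool:
    # Weak: only the first factor is consulted, so a pending or skipped
    # MFA step is treated as if it had passed.
    return session.password_ok


def is_authenticated(session: Session) -> bool:
    # Hardened: every required factor must have completed.
    return session.password_ok and (session.mfa_ok or not session.mfa_required)


if __name__ == "__main__":
    print("weak token with wrong secret:", issue_token_weak("mobile-app", "guess"))
    print("fixed token with wrong secret:", issue_token("mobile-app", "guess"))
    s = start_login("alice", "correct horse battery")
    print("weak says authenticated before MFA:", s is not None and is_authenticated_weak(s))
    print("fixed says authenticated before MFA:", s is not None and is_authenticated(s))
```

Both weak checks are real authentication code: they consult a credential store and return a token or a session. What they lack is the step that ties the request to the claimed identity, which is exactly the gap this CWE names.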

Hierarchy (View 1000)

ChildOf CWE-287 Improper Authentication

CVEs mapped to this weakness (33)

Page 1 of 2 (20 of the 33 mapped CVEs are shown on this page)
  • CVE-2026-6274 (Critical, Jun 5, 2026)
    risk 0.64, CVSS 9.8, EPSS 0.00

    Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3…

  • CVE-2026-6886 (Critical, Apr 23, 2026)
    risk 0.64, CVSS 9.8, EPSS 0.00

    Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

  • CVE-2025-39596 (Critical, Apr 17, 2025)
    risk 0.64, CVSS 9.8, EPSS 0.00

    Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8.

  • CVE-2024-54092 (Critical, Apr 8, 2025)
    risk 0.64, CVSS 9.8, EPSS 0.01

    A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1),…

  • CVE-2023-49340 (Critical, Mar 9, 2024)
    risk 0.64, CVSS 9.8, EPSS 0.01

    An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.

  • CVE-2024-45367 (Critical, Oct 3, 2024)
    risk 0.59, CVSS 9.1, EPSS 0.01

    The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.

  • CVE-2024-39848 (Critical, Jun 29, 2024)
    risk 0.59, CVSS 9.1, EPSS 0.00

    Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects…

  • CVE-2025-59249 (High, Oct 14, 2025)
    risk 0.57, CVSS 8.8, EPSS 0.01

    Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-5484 (High, Jun 12, 2025)
    risk 0.54, CVSS 8.3, EPSS 0.00

    A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default …

  • CVE-2026-0274 (High, Jun 10, 2026)
    risk 0.53, CVSS not listed, EPSS 0.00

    An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.

  • CVE-2026-44237 (High, May 29, 2026)
    risk 0.53, CVSS 8.1, EPSS 0.00

    FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php…

  • CVE-2026-4924 (High, Apr 1, 2026)
    risk 0.53, CVSS 8.2, EPSS 0.00

    Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially…

  • CVE-2026-4828 (High, Apr 1, 2026)
    risk 0.53, CVSS 8.2, EPSS 0.00

    Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request.

  • CVE-2025-1727 (High, Jul 10, 2025)
    risk 0.53, CVSS 8.1, EPSS 0.01

    The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT …

  • CVE-2025-29994 (High, Mar 13, 2025)
    risk 0.53, CVSS not listed, EPSS 0.00

    This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload…

  • CVE-2026-0204 (High, Apr 29, 2026)
    risk 0.52, CVSS 8.0, EPSS 0.00

    A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

  • CVE-2026-40417 (High, May 12, 2026)
    risk 0.51, CVSS 7.8, EPSS 0.00

    Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

  • CVE-2025-11084 (High, Nov 11, 2025)
    risk 0.49, CVSS not listed, EPSS 0.00

    A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

  • CVE-2024-47397 (High, Dec 18, 2024)
    risk 0.49, CVSS 7.5, EPSS 0.00

    Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string.

  • CVE-2025-70994 (High, Apr 23, 2026)
    risk 0.47, CVSS 7.3, EPSS 0.00

    Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is…
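The last entry above describes a fixed-code remote: the receiver accepts the same bits on every press, so a frame captured once replays forever. The following added example, which is not Yadea's code and does not implement the EV1527 protocol, contrasts a fixed-code receiver with a simplified rolling-code receiver that binds each frame to an incrementing counter and a keyed MAC. The device key, the 16-press resynchronisation window, the 4-byte counter plus 4-byte truncated tag frame layout, and the fixed code value are all assumptions made for the illustration.

```python
import hashlib
import hmac
from typing import Callable

# Constructed values for the example: a fixed 20-bit code of the kind a
# fixed-code remote would carry, and a per-remote key shared only by the
# remote and its receiver. Neither is a real device value.
FIXED_CODE = 0x5A3C1
DEVICE_KEY = b"example-remote-key-not-real"


def fixed_code_receiver(programmed_code: int) -> Callable[[int], bool]:
    """Fixed-code receiver: accepts whenever the transmitted code matches.
    Nothing in the frame changes between presses, so a recorded frame replays."""
    def accept(frame: int) -> bool:
        return frame == programmed_code
    return accept


def _tag(key: bytes, counter: int) -> bytes:
    """Keyed MAC over the counter, truncated to 4 bytes for the example.
    A production scheme would keep a longer tag."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class RollingCodeTransmitter:
    def __init__(self, key: bytes, counter: int = 0) -> None:
        self.key = key
        self.counter = counter

    def press(self) -> bytes:
        """Each press advances the counter and emits counter || MAC(counter)."""
        self.counter += 1
        return self.counter.to_bytes(4, "big") + _tag(self.key, self.counter)


class RollingCodeReceiver:
    def __init__(self, key: bytes, window: int = 16) -> None:
        self.key = key
        self.last_counter = 0
        self.window = window

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 8:
            return False
        counter = int.from_bytes(frame[:4], "big")
        # The counter must move forward (a replayed frame cannot pass) but stay
        # inside the window so presses made out of range can resynchronise.
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False
        # The MAC ties the counter to the shared key, so a forged counter fails.
        if not hmac.compare_digest(_tag(self.key, counter), frame[4:]):
            return False
        self.last_counter = counter
        return True


def demo() -> dict:
    """Runs the replay scenario against both receivers and returns the verdicts."""
    fixed = fixed_code_receiver(FIXED_CODE)
    captured_fixed_frame = FIXED_CODE  # what an attacker records off the air
    tx = RollingCodeTransmitter(DEVICE_KEY)
    rx = RollingCodeReceiver(DEVICE_KEY)
    captured_rolling_frame = tx.press()
    return {
        "fixed_first": fixed(captured_fixed_frame),
        "fixed_replay": fixed(captured_fixed_frame),
        "rolling_first": rx.accept(captured_rolling_frame),
        "rolling_replay": rx.accept(captured_rolling_frame),
        "rolling_next": rx.accept(tx.press()),
        "rolling_forged": rx.accept((tx.counter + 1).to_bytes(4, "big") + b"\x00" * 4),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'accepted' if verdict else 'rejected'}")
```

The fixed-code receiver cannot distinguish the legitimate remote from a recording of it; the rolling-code receiver rejects the replay, rejects a frame whose counter was guessed without the key, and still accepts the next genuine press.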