CWE-1390 · Weak Authentication

81 CVEs classified under CWE-1390 (Weak Authentication). Browse by severity and year.

Top CVEs for CWE-1390

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-30412 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2025-30411 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) befor… |
| CVE-2026-6274 | Critical | 9.8 | 2026-06-05 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline… |
| CVE-2026-6886 | Critical | 9.8 | 2026-04-23 | Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attacke… |
| CVE-2026-28710 | Critical | 9.8 | 2026-03-06 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows… |
| CVE-2025-40554 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific a… |
| CVE-2025-40552 | Critical | 9.8 | 2026-01-28 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute acti… |
| CVE-2023-53894 | Critical | 9.8 | 2025-12-16 | phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. At… |
| CVE-2025-63807 | Critical | 9.8 | 2025-11-20 | An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code g… |
| CVE-2025-12871 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and us… |
| CVE-2025-12870 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administr… |
| CVE-2025-39596 | Critical | 9.8 | 2025-04-17 | Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8. |
| CVE-2024-54092 | Critical | 9.8 | 2025-04-08 | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Indust… |
| CVE-2025-1387 | Critical | 9.8 | 2025-02-17 | Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. |
| CVE-2024-13239 | Critical | 9.8 | 2025-01-09 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): fro… |
| CVE-2023-49340 | Critical | 9.8 | 2024-03-09 | An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authe… |
| CVE-2022-43400 | Critical | 9.8 | 2022-10-21 | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applicati… |
| CVE-2026-27478 | Critical | 9.1 | 2026-03-11 | Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog… |
| CVE-2024-45367 | Critical | 9.1 | 2024-10-03 | The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a pa… |
| CVE-2024-39848 | Critical | 9.1 | 2024-06-29 | Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws… |